Lucene search
K

5 matches found

Snyk
Snyk
added 2026/05/27 12:35 a.m.10 views

SQL Injection

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to SQL Injection in the columnConfigAction process. An attacker can access and manipulate sensitive database information, as well as modify or delete data, by...

8.7CVSS5.9AI score0.00027EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/27 12:35 a.m.17 views

Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration

Summary The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reportsconfig permission can supply a malicious SQL configuration that is concatenated into a query and executed. Although the application attempts to filter certain DDL/DML...

6AI score0.00027EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-3430

Malware in sbrugna...

6.5CVSS6.4AI score0.01066EPSS
Exploits0References3
NVD
NVD
added 2014/05/29 2:19 p.m.15 views

CVE-2014-3417

uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet...

6.5CVSS6.2AI score0.01066EPSS
Exploits0References2
CVE
CVE
added 2014/05/29 2:0 p.m.45 views

CVE-2014-3417

CVE-2014-3417 affects uPortal before 4.0.13.1. The issue is an improper check of the CONFIG permission, allowing remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet. The description implies a fix in 4.0.13.1; no exploitation details or in-the-wild...

6.5CVSS6.4AI score0.01066EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder