2 matches found
CVE-2015-4426
Pimcore CMS is affected by CVE-2015-4426: SQL injection via the filter parameter in admin/asset/grid-proxy. The issue exists in builds prior to 3473, with a fixed version at build 3473. Root cause is inadequate input filtering for the filter parameter, allowing arbitrary SQL execution. The vulner...
Pimcore CMS Build 3450 SQL Injection
Vulnerability title: SQL Injection In Pimcore CMS CVE: CVE-2015-4426 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: Details: It was possible to inject arbitrary SQL into the application provided an administrative accoun...