3 matches found
Pimcore Gather Credentials via SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pimcore Gather Credentials via SQL Injection', 'Description' = %q This module extracts the usernames and hashed passwords of all users of the...
CVE-2018-14058
CVE-2018-14058 affects Pimcore prior to 5.3.0, enabling SQL Injection via the REST web service API. The vulnerability targets the Pimcore REST API and can disclose data through injectable queries; exact root cause details are not provided in the initial documents, but multiple sources corroborate...
Pimcore 5.2.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery
Pimcore 5.2.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and bel...