2 matches found
CVE-2023-2338 SQL Injection in pimcore/pimcore
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21...
CVE-2023-2338
The CVE-2023-2338 entry affects pimcore/pimcore versions prior to 10.5.21. The vulnerability is a SQL Injection in the AssetController caused by unsanitized string concatenation in a where clause, enabling an attacker to dump/alter data or cause DoS on the backend database. Remediation: upgrade t...