Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:36 a.m.10 views

CVE-2023-28438

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by...

8CVSS7.5AI score0.00856EPSS
Exploits0References1
NVD
NVD
added 2023/03/22 9:15 p.m.34 views

CVE-2023-28438

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by...

8CVSS6.9AI score0.00856EPSS
Exploits0References3
CVE
CVE
added 2023/03/22 8:46 p.m.70 views

CVE-2023-28438

PIMCORE CVE-2023-28438 affects Pimcore prior to version 10.5.19. A user with 'report' permission can trigger arbitrary SQL via a GET endpoint with no CSRF protection; combined path traversal and SQL injection allow creation of arbitrary files and, with the SQL injection, potential webshell or PHP...

8CVSS7.2AI score0.00856EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/22 8:46 p.m.9 views

CVE-2023-28438 Pimcore vulnerable to improper quoting of filters in Custom Reports

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by...

6.2CVSS8AI score0.00856EPSS
Exploits0References3
Rows per page
Query Builder