3 matches found
CVE-2024-23646
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter selectedIds is susceptible to SQL Injection. Any backend user with very basic...
CVE-2024-23646
Pimcore Admin Classic Bundle (1.x) before 1.3.2 contains an SQL Injection in the selectedIds parameter used by the admin asset download flow (download-as-zip-add-files). Any backend user with basic permissions can execute arbitrary SQL and escalate to admin-level access. The fix is in 1.3.2. Affe...
CVE-2024-23646 Pimcore Admin Classic Bundle SQL Injection in Admin download files as zip
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter selectedIds is susceptible to SQL Injection. Any backend user with very basic...