6 matches found
CVE-2022-1219
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data...
Pimcore SQL Injection Vulnerability (CNVD-2022-85099)
Pimcore is an open source Web content management platform for creating and managing Web applications from Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. pimcore has a SQL injection vulnerability, whic...
SQL Injection
pimcore/pimcore is vulnerable to sql injection. The vulnerability exists due to the lack of sanitization in the listAction function of RecyclebinController.php which allows a malicious user to inject and execute arbitrary sql queries...
SQL Injection in Pimcore
Pimcore prior to version 10.3.5 is vulnerable SQL injection in RecyclebinController.php. This vulnerability affects data confidentiality...
CVE-2022-1219 SQL injection in RecyclebinController.php in pimcore/pimcore
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data...
SQL injection in RecyclebinController.php
Description From the code we can see that in line 122, the value is append to the sql query directly. The value can be from line 109. And from filter parameter . so we can use the value data to inject the database. if we set a wrong value. we can see the sql error from the log file . Proof of...