7 matches found

OSV
added 2026/05/27 12:35 a.m. · 5 views

GHSA-3234-GXC3-PQ6F Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration

Summary: The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reportsconfig permission can supply a malicious SQL configuration that is concatenated into a query and executed. Although the application attempts to filter certain DDL/DML...

CVSS 8.7 · AI score 6
Exploits: 0 · References: 5

Github Security Blog
added 2026/05/27 12:35 a.m. · 11 views

Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration

Summary: The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reportsconfig permission can supply a malicious SQL configuration that is concatenated into a query and executed. Although the application attempts to filter certain DDL/DML...

AI score 6
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2026/05/27 12:0 a.m. · 5 views

PT-2026-43628

Summary: The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reports config permission can supply a malicious SQL configuration that is concatenated into a query and executed. Although the application attempts to filter certain DDL/DML...

CVSS 8.7 · AI score 6
Exploits: 0 · References: 6

OSV
added 2024/09/18 3:15 p.m. · 6 views

CVE-2022-25775

Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems...

CVSS 7.2 · AI score 7.4
Exploits: 0 · References: 1

NVD
added 2024/09/18 3:15 p.m. · 8 views

CVE-2022-25775

Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems...

CVSS 7.2 · EPSS 0.00069
Exploits: 0 · References: 1

Veracode
added 2024/04/15 6:45 a.m. · 17 views

SQL Injection

mautic/core is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input within the Reports bundle. An attacker can retrieve and alter sensitive data, including login credentials, and depending on database permissions, manipulate file systems by injecti...

CVSS 7.2 · AI score 7.2 · EPSS 0.00069
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/04/12 12:0 a.m. · 3 views

PT-2024-11537 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions:
Mautic versions prior to 4.4.12
Mautic versions prior to 5.0.4

Description: The issue affects logged in users of Mautic, making them vulnerable to an SQL injection vulnerability in the Reports bundle. This vulnerability allows an attacker to...

CVSS 7.2 · AI score 8 · EPSS 0.00069
Exploits: 0 · References: 9