EPSS Percentile: 82.9%
pimcore/pimcore is vulnerable to SQL injection. The library does not properly sanitize input to its API endpoints, allowing a malicious user to inject and execute arbitrary SQL queries through the REST web service API.
github.com/pimcore/pimcore/commit/4168e9bd1e6af985a270de9c879547c80a862b06
www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/