Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-fpff-384j-vxq7

Опубликовано: 02 дек. 2019
Источник: github
Github: Прошло ревью
CVSS3: 6.5

Описание

Data leakage via SQL Injection in Pimcore

pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload for trigger a time based or error based sql injection.

Ссылки

Пакеты

Наименование

pimcore/pimcore

composer
Затронутые версииВерсия исправления

< 6.3.0

6.3.0

EPSS

Процентиль: 1%
0.00008
Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2019-10763

Дефекты

CWE-89

Связанные уязвимости

nvd логотип

CVE-2019-10763

CVSS3: 6.5
nvd
около 6 лет назад

pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload for trigger a time based or error based sql injection.

EPSS

Процентиль: 1%
0.00008
Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2019-10763

Дефекты

CWE-89