
GHSA-qjpx-5m2p-5pgh

Published: 11 Mar 2025
Source: github
Github: Reviewed
CVSS4: 6.3

Description

Pimcore Vulnerable to SQL Injection in getRelationFilterCondition

Summary

Authenticated users can craft a filter string used to cause a SQL injection.

Details

This code does not appear to sanitize inputs: https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47

Compare with https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347


Packages

Name: pimcore/pimcore (composer)
Affected versions: < 11.5.4
Fixed version: 11.5.4

EPSS

Percentile: 66%
Score: 0.0051 (Low)

CVSS4: 6.3 Medium

Weaknesses

CWE-89

Related vulnerabilities

CVSS3: 8.8
nvd
11 months ago

Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.
