CVE-2024-11956

Опубликовано: 28 янв. 2025

Источник: nvd

CVSS3: 4.7

CVSS3: 7.2

CVSS2: 5.8

EPSS Низкий

Описание

A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component.

Ссылки

https://github.com/pimcore/customer-data-framework/releases/tag/v4.2.1
Release Notes
https://github.com/pimcore/pimcore/security/advisories/GHSA-q53r-9hh9-w277
Exploit
Vendor Advisory
https://vuldb.com/?ctiid.293906
Permissions Required
VDB Entry
https://vuldb.com/?id.293906
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.451863
Third Party Advisory
VDB Entry
https://github.com/pimcore/pimcore/security/advisories/GHSA-q53r-9hh9-w277
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*

Версия до 4.2.1 (исключая)

EPSS

Процентиль: 0%

0.00003

Низкий

4.7 Medium

CVSS3

7.2 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-74

CWE-89

Связанные уязвимости

GHSA-q53r-9hh9-w277

CVSS3: 7.2

github

около 1 года назад

pimcore/customer-data-framework vulnerable to SQL Injection

EPSS

Процентиль: 0%

0.00003

Низкий

4.7 Medium

CVSS3

7.2 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-74

CWE-89