Количество 2
Количество 2
CVE-2026-22242
CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by the application is read-only and non-DBA, limiting impact to confidential data disclosure only. No data modification or service disruption is possible. This issue has been patched in version 4.1.8.
GHSA-ch7p-mpv4-4vg4
CoreShop Vulnerable to SQL Injection via Admin Reports
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-22242 CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by the application is read-only and non-DBA, limiting impact to confidential data disclosure only. No data modification or service disruption is possible. This issue has been patched in version 4.1.8. | CVSS3: 4.9 | 0% Низкий | около 1 месяца назад |
| GHSA-ch7p-mpv4-4vg4 CoreShop Vulnerable to SQL Injection via Admin Reports | CVSS3: 4.9 | 0% Низкий | около 1 месяца назад |
Уязвимостей на страницу