Security Advisory

CVE-2019-10763

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-11-18 19:55:07

Last updated 2024-08-04 22:32:01

Assigner snyk

State PUBLISHED

Description

pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via id, storeId, pageSize and tables parameters, using a payload for trigger a time based or error based sql injection.

← Browse all CVEs View on cve.org ↗