2019-11-18 19:55:07
snyk
PUBLISHED
pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via id, storeId, pageSize and tables parameters, using a payload for trigger a time based or error based sql injection.