Moderate severityNVD Advisory· Published Nov 18, 2019· Updated Aug 4, 2024
CVE-2019-10763
CVE-2019-10763
Description
pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload for trigger a time based or error based sql injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pimcore/pimcorePackagist | < 6.3.0 | 6.3.0 |
Affected products
2- pimcore/pimcoredescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-fpff-384j-vxq7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10763ghsaADVISORY
- blog.certimetergroup.com/it/articolo/security/sql_injection_in_pimcore_6.2.3ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-480391ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.