VYPR
Moderate severityNVD Advisory· Published Mar 11, 2025· Updated Mar 12, 2025

Pimcore Vulnerable to SQL Injection in getRelationFilterCondition

CVE-2025-27617

Description

Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pimcore/pimcorePackagist
< 11.5.411.5.4

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.