SQL Injection in pimcore/pimcore
Jan 9th 2022
The storeId parameter is not sanitised or escaped before it is used in a SQL statement, which could lead to SQL injection.
Proof of Concept
Add items to Classification Store: Key definition, Group,...
Injection (boolean-based):
A successful attack may result in the deletion of entire tables and, in certain cases, in the attacker gaining administrative rights to a database, writing files to the server that lead to remote code execution, or writing a script to extract data.
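The pattern described above, as an added example (not code from the report or from Pimcore): a request value concatenated into a query, next to the same lookup with integer validation and a bound parameter. The `store_keys` table, its columns and both function names are hypothetical, and an in-memory SQLite database stands in for the application's database.

```php
<?php
declare(strict_types=1);

// Constructed schema and rows; the table and column names are hypothetical,
// not Pimcore's real classification store schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE store_keys (id INTEGER PRIMARY KEY, storeId INTEGER, name TEXT)');
$pdo->exec("INSERT INTO store_keys (storeId, name) VALUES (1, 'color'), (1, 'size'), (2, 'internal_cost')");

// Vulnerable pattern: the request value is concatenated into the statement,
// so any SQL fragment in it becomes part of the WHERE clause.
function keysForStoreUnsafe(PDO $pdo, string $storeId): array
{
    $sql = 'SELECT name FROM store_keys WHERE storeId = ' . $storeId;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: accept only a positive integer, then bind it as a typed
// parameter so the value can never change the structure of the query.
function keysForStoreSafe(PDO $pdo, string $storeId): array
{
    $id = filter_var($storeId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('storeId must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT name FROM store_keys WHERE storeId = :storeId');
    $stmt->bindValue(':storeId', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id and a value carrying an extra boolean condition.
foreach (['1', '1 OR 1=1'] as $input) {
    echo "storeId={$input}\n";
    echo '  unsafe: ' . implode(', ', keysForStoreUnsafe($pdo, $input)) . "\n";
    try {
        echo '  safe:   ' . implode(', ', keysForStoreSafe($pdo, $input)) . "\n";
    } catch (InvalidArgumentException $e) {
        echo '  safe:   rejected (' . $e->getMessage() . ")\n";
    }
}
```

For the second input the unsafe lookup returns rows from every store, while the hardened lookup rejects the value before any SQL is built.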
Bernhard Rusch validated this vulnerability a year ago
laladee has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bernhard Rusch marked this as fixed with commit 66281c a year ago
This vulnerability will not receive a CVE