CVE-2018-14058
Published: 17/08/2018 | Updated: 12/10/2018
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Vulnerability Summary
Pimcore prior to 5.3.0 allows SQL Injection via the REST web service API.
Vulnerable Product
pimcore pimcore
Exploits
Exploit DB: Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
SEC Consult Vulnerability Lab Security Advisory < 20180813-0 > ======================================================================= title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and below fixed version: 5.3.0 CVE number: CVE-2018-14057, CVE-2018-140 ...
Exploit DB: Pimcore 5.2.3 CSRF / Cross Site Scripting / SQL Injection
Pimcore versions 5.2.3 and below suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities ...
Mailing Lists
Full Disclosure: SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore
SEC Consult Vulnerability Lab Security Advisory < 20180813-0 > ======================================================================= title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and below fixed version: 5.3.0 CVE number: CVE-2018-14057, CVE-2018-140 ...
References
CWE-89
https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/
http://seclists.org/fulldisclosure/2018/Aug/13
http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html
https://www.exploit-db.com/exploits/45208/
https://nvd.nist.gov