CVE-2022-1219
Published 2022-04-08
CVE-2022-1219: SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data.
Priority: P3 · 44 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.42% (69.4th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pimcore | pimcore | < 10.3.5 | 10.3.5 |
| pimcore | pimcore | >= 0 < 10.3.5 | 10.3.5 |
| pimcore | pimcore_pimcore | >= unspecified < 10.3.5 | 10.3.5 |
CVSS provenance
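| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | | 5.5 | MEDIUM | |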
OSV
SQL Injection in Pimcore
osv·2022-04-09
CVE-2022-1219 [HIGH] SQL Injection in Pimcore
Pimcore prior to version 10.3.5 is vulnerable to SQL injection in RecyclebinController.php. This vulnerability affects data confidentiality.
GHSA
SQL Injection in Pimcore
ghsa·2022-04-09
CVE-2022-1219 [HIGH] CWE-89 SQL Injection in Pimcore
Pimcore prior to version 10.3.5 is vulnerable to SQL injection in RecyclebinController.php. This vulnerability affects data confidentiality.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-04-08