CVE-2022-1339
Published 2022-04-13
CVE-2022-1339: SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data.
Priority P3 · 49 · high · 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 5.46% (91.7th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pimcore | pimcore | < 10.3.5 | 10.3.5 |
| pimcore | pimcore | >= 0 < 10.3.5 | 10.3.5 |
| pimcore | pimcore_pimcore | >= unspecified < 10.3.5 | 10.3.5 |
CVSS provenance
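| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |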
GHSA
SQL Injection in Pimcore
ghsa·2022-04-14
CVE-2022-1339 [HIGH] CWE-89 SQL Injection in Pimcore
Pimcore prior to version 10.3.5 is vulnerable to SQL injection in ElementController.php. This vulnerability causes loss of data confidentiality.
OSV
SQL Injection in Pimcore
osv·2022-04-14
CVE-2022-1339 [HIGH] SQL Injection in Pimcore
Pimcore prior to version 10.3.5 is vulnerable to SQL injection in ElementController.php. This vulnerability causes loss of data confidentiality.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-04-13: Published