logo_clicknbuy.png

CVE-2024-11956 – Pimcore Customer-Data-Framework SQL Injection Vulnerability

The following table lists the changes that have been made to the
CVE-2024-11956 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Jan. 28, 2025

    Action Type Old Value New Value
    Added Description A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
    Added CVSS V2 (AV:N/AC:L/Au:M/C:P/I:P/A:P)
    Added CWE CWE-89
    Added CWE CWE-74
    Added Reference https://github.com/pimcore/customer-data-framework/releases/tag/v4.2.1
    Added Reference https://github.com/pimcore/pimcore/security/advisories/GHSA-q53r-9hh9-w277
    Added Reference https://vuldb.com/?ctiid.293906
    Added Reference https://vuldb.com/?id.293906
    Added Reference https://vuldb.com/?submit.451863
  • CVE Modified
    by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jan. 28, 2025

    Action Type Old Value New Value
    Added Reference https://github.com/pimcore/pimcore/security/advisories/GHSA-q53r-9hh9-w277
Share the Post:

Related Posts