Pimcore.SearchController.php.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection Vulnerability in Pimcore.
This vulnerability is due to improper input validation in the search function. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection and, in the worst case, execution of arbitrary code.
Affected Products
Pimcore prior to 10.5.19
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/pimcore/pimcore/security/advisories/GHSA-42c3-wvww-gcqj
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |