CNNVD-202601-2372 Information
CNNVD ID
CNNVD-202601-2372
Related CVE
-
CNNVD Published
2026-01-14
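Description (translated from Chinese)
Pimcore is an open-source web content management platform from Pimcore (Austria) for creating and managing web applications. The platform integrates web content management, an e-commerce framework, product information management and other applications. Pimcore versions before 12.3.1 and before 11.5.14 contain a SQL injection vulnerability, which stems from an incomplete SQL injection patch in the admin search find API and may allow an authenticated attacker to perform blind SQL injection.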
Description (English)
Pimcore is an open-source web content management platform by Pimcore (Austria) for creating and managing web applications. The platform brings together applications such as web content management, an e-commerce framework and product information management. Versions of Pimcore prior to 12.3.1 and prior to 11.5.14 have a SQL injection vulnerability, which arises from an incomplete SQL injection patch in the admin search find API and could allow an authenticated attacker to perform blind SQL injection.
Hazard Level
Medium
Vulnerability Type
SQL injection
Affected Vendor
Pimcore
Published
2026-01-14
Last Modified
2026-02-24
References
https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj
https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3
https://access.redhat.com/security/cve/cve-2026-23492
Patch
https://github.com/pimcore/pimcore/releases