CVE-2020-7759 Information

Description

The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[\keyId\3a'’\groupId\3a'asd’))+or+13d1+union+(select+123456name8password’‘1112’‘14+from+users)+–+]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/pimcore/pimcore/pull/7315 https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1017405

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.2