CVE-2023-28438

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch	Patch
https://github.com/pimcore/pimcore/pull/14526	Patch Vendor Advisory
https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx	Patch Vendor Advisory
https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch	Patch
https://github.com/pimcore/pimcore/pull/14526	Patch Vendor Advisory
https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:55

Type	Values Removed	Values Added
References	~~() https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch - Patch~~	() https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch - Patch
References	~~() https://github.com/pimcore/pimcore/pull/14526 - Patch, Vendor Advisory~~	() https://github.com/pimcore/pimcore/pull/14526 - Patch, Vendor Advisory
References	~~() https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx - Patch, Vendor Advisory~~	() https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~8.0~~	v2 : unknown v3 : 6.2

Information

Published : 2023-03-22 21:15

Updated : 2024-11-21 07:55

NVD link : CVE-2023-28438

Mitre link : CVE-2023-28438

CVE.ORG link : CVE-2023-28438

JSON object : View

Products Affected

pimcore

pimcore

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-28438", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2023-03-22T21:15:18.520", "references": [{"url": "https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pimcore/pimcore/pull/14526", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/pimcore/pimcore/pull/14526", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually."}], "lastModified": "2024-11-21T07:55:04.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F355AEC-329F-43D1-A3D7-44C2481A1999", "versionEndExcluding": "10.5.19"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}