CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2629 – Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework
https://notcve.org/view.php?id=CVE-2023-2629
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. • https://github.com/pimcore/customer-data-framework/commit/4e0105c3a78d20686a0c010faef27d2297b98803 https://huntr.dev/bounties/821ff465-4754-42d1-9376-813c17f16a01 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-31867 – Pimcore Customer Data Framework 'SegmentAssignmentController.php' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2021-31867
Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application. This issue was fixed in version 3.0.2 of the product. Pimcore Customer Data Framework versiones 3.0.0 y anteriores, sufren un problema de inyección SQL ciega basada en booleanos en el parámetro $id del componente SegmentAssignmentController.php de la aplicación. Este problema se ha corregido en la versión 3.0.2 del producto • https://www.rapid7.com/blog/post/2021/07/27/multiple-open-source-web-app-vulnerabilities-fixed • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •