CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-11956 – Pimcore customer-data-framework list sql injection
https://notcve.org/view.php?id=CVE-2024-11956
28 Jan 2025 — A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/pimcore/customer-data-framework/releases/tag/v4.2.1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 4CVE-2023-4145 – Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework
https://notcve.org/view.php?id=CVE-2023-4145
03 Aug 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. • https://github.com/miguelc49/CVE-2023-4145-3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2881 – Storing Passwords in a Recoverable Format in pimcore/customer-data-framework
https://notcve.org/view.php?id=CVE-2023-2881
25 May 2023 — Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. • https://github.com/pimcore/customer-data-framework/commit/d1d58c10313f080737dc1e71fab3beb12488a1e6 • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •