Customer Management Framework
CVE-2023-2629
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
AnalysisAI
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-1236. Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. Affected products include: Pimcore Customer Management Framework. Version information: prior to 3.3.9..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Rated high severity (CVSS 7.2), this
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. Rated medium severity (CVSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. Rated medium se
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. Rated medium severi
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Rated me
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. Rat
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, perso
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today