Customer Management Framework
CVE-2023-2756
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
AnalysisAI
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Affected products include: Pimcore Customer Management Framework. Version information: prior to 3.3.10..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to
Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. Rated medium severity (CVSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. Rated medium se
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. Rated medium severi
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Rated me
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. Rat
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, perso
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today