CVE-2018-14058
Title: Pimcore Injection (SQLi/OSi)
Injection (SQLi/OSi)
Proof Of Concept
PoC Available for CVE-2018-14058
CWE Category
CWE-89
Published Date
Aug 17, 2018
Modified Date
Nov 21, 2024
Exploit Status
Available
Score
6.5
CVSS v3.0
Exploit Probability (EPSS)
1.51%
Vulnerability Summary
CVE-2018-14058: Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
Impacted Vendors
Reference Links
http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html
http://seclists.org/fulldisclosure/2018/Aug/13
https://www.exploit-db.com/exploits/45208/
https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/
http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html
http://seclists.org/fulldisclosure/2018/Aug/13
https://www.exploit-db.com/exploits/45208/
https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/
CVSS v3.0
Source Entity
[email protected]
Severity
MEDIUM
6.5
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0
Source Entity
[email protected]
Severity
MEDIUM
4.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:L/Au:S/C:P/I:N/A:N
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2018-14058 Exploits & PoCs (Proof Of Concept)
Exploit-DB
https://www.exploit-db.com/exploits/45208
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
CVSS Vector String
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Stack
No specific products linked.