CVE-2024-11956 | Pimcore customer-data-framework up to 4.2.0 list filterDefinition/filter sql injection (GHSA-q53r-9hh9-w277)

Inserito da Angelo Barbosa | Gen 28, 2025 | CVE

A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection.

This vulnerability is handled as CVE-2024-11956. The attack may be launched remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2024-11956 | Pimcore customer-data-framework up to 4.2.0 list filterDefinition/filter sql injection (GHSA-q53r-9hh9-w277)

Post correlati

CVE-2024-21993 | NetApp SnapCenter up to 5.0 cleartext storage (ntap-20240705-0007)

CVE-2023-6885 | Tongda OA 2017 up to 11.10 delete.php DELETE_STR sql injection

CVE-2024-32978 | Kaminari up to 0.16.1 default permission (GHSA-7r3j-qmr4-jfpj)

CVE-2024-12230 | PHPGurukul Complaint Management System 1.0 /admin/subcategory.php category sql injection