CVE-2023-3820

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 21, 2023

Updated: Jul 26, 2023

CWE ID 502

Summary

CVE-2023-3820 denotes a SQL injection vulnerability in the GitHub repository pimcore/pimcore. This issue affects versions of the software prior to 10.6.4. An attacker could exploit this flaw by injecting malicious SQL statements into the application, potentially gaining unauthorized access to sensitive data or executing arbitrary code. Successful exploitation could lead to serious consequences, including data theft or system compromise. The vulnerability has been addressed in version 10.6.4, and users are urged to update as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe ColdFusion

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r-y89d
https://www.cve.org/CVERecord?id=CVE-2023-3820
https://nvd.nist.gov/vuln/detail/CVE-2023-3820

Back to Vulnerability Database