CVE-2021-31869

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-31869

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31869.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-31869

Published

2021-08-04T23:15:07.890Z

Modified

2026-03-14T10:58:27.829355Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product.

References

https://www.rapid7.com/blog/post/2021/07/27/multiple-open-source-web-app-vulnerabilities-fixed/

Affected packages

Git / github.com/pimcore/pimcore

Affected ranges

Type

GIT

Repo

https://github.com/pimcore/pimcore

Events

Introduced

Fixed

6d2230bb3f0b12b19ba340517cd12e4022bb6aea

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.9.4"
        }
    ]
}

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.3.0

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.1.0

3.1.1

4.*

4.0.0

4.0.1

4.1.0

4.1.1

4.1.2

4.1.3

4.2.0

4.3.0

4.3.1

4.4.0

4.4.1

4.4.2

4.4.3

4.5.0

v5.*

v5.0.0

v5.0.0-RC

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.1.0

v5.1.0-alpha

v5.1.1

v5.1.2

v5.1.3

v5.2.0

v5.2.3

v5.3.0

v5.3.1

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v5.5.0

v5.5.1

v5.5.2

v5.5.3

v5.5.4

v5.6.0

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.6.6

v5.7.0

v5.7.1

v5.7.2

v5.7.3

v5.8.0

v5.8.1

v5.8.2

v5.8.3

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.1.0

v6.1.1

v6.1.2

v6.2.0

v6.2.1

v6.2.2

v6.2.3

v6.3.0

v6.3.1

v6.3.2

v6.3.3

v6.3.4

v6.3.5

v6.3.6

v6.4.0

v6.4.1

v6.4.2

v6.5.0

v6.5.1

v6.5.2

v6.5.3

v6.6.0

v6.6.1

v6.6.10

v6.6.11

v6.6.2

v6.6.3

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7.0

v6.7.1

v6.7.2

v6.7.3

v6.8.0

v6.8.1

v6.8.10

v6.8.11

v6.8.12

v6.8.2

v6.8.3

v6.8.4

v6.8.5

v6.8.6

v6.8.7

v6.8.8

v6.8.9

v6.9.0

v6.9.1

v6.9.2

v6.9.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31869.json"