CVE-2024-11956

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-11956

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-11956.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-11956

Aliases

GHSA-q53r-9hh9-w277

Related

GHSA-q53r-9hh9-w277

Published

2025-01-28T14:15:29Z

Modified

2025-05-28T10:37:48.826447Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/pimcore/customer-data-framework

Affected ranges

Type: GIT
Repo: https://github.com/pimcore/customer-data-framework
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8da6d00cff036ee5ec6f5595e8b99a704e9ee12c

Affected versions

1.*

1.0.0

1.0.1

1.3.17

1.3.19

2.*

2.4.5

2.5.1

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.1.1

v1.10.0

v1.10.1

v1.11.0

v1.12.0

v1.12.1

v1.13.0

v1.13.1

v1.14.0

v1.14.1

v1.14.2

v1.14.3

v1.14.4

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.3.0

v1.3.1

v1.3.10

v1.3.11

v1.3.12

v1.3.13

v1.3.14

v1.3.15

v1.3.16

v1.3.18

v1.3.19

v1.3.2

v1.3.20

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.7

v1.3.8

v1.3.9

v1.4.0

v1.4.1

v1.4.10

v1.4.11

v1.4.12

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.8

v1.4.9

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.6

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.7.4

v1.8.0

v1.9.0

v1.9.1

v2.*

v2.0.0

v2.0.1

v2.1.0

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.6

v2.4.7

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.6.0

v2.6.1

v2.6.2

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v3.1.1

v3.2.0

v3.2.1

v3.2.10

v3.2.11

v3.2.12

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.2.9

v3.3.0

v3.3.1

v3.3.10

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v4.*

v4.0.0

v4.0.0-BETA1

v4.0.0-BETA2

v4.0.0-RC1

v4.0.0-RC2

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.0.7

v4.1.0

v4.1.1

v4.1.2

v4.2.0

v4.2.0-RC1