CVE-2026-5394 in Pimcoreالمعلومات

الملخص

بحسب MITRE • 27/04/2026

An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend.

This issue affects pimcore: 12.3.3.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Fluid Attacks

حجز

02/04/2026

إفشاء

27/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-359878

EPSS

0.00011

KEV

لا

النشاطات

منخفض جدًا

القطاع

Energy, Telecommunication, ...

المصادر

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-5394
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-5394
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-5394/

التالي نظرة عامة السابق

Might our Artificial Intelligence support you?

Check our Alexa App!