SQL Injection in pimcore/pimcore
Jan 9th 2022
The storeId parameter is not sanitised and escaped before being used in a SQL statement, which could lead to SQL injection.
Proof of Concept
Add items to Classification Store: Key definition, Group,...
Injection (boolean-based):
A successful attack may result in the deletion of entire tables and, in certain cases, in the attacker gaining administrative rights to a database, writing files to the server that lead to remote code execution, or writing a script to extract data.
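The pattern described in this report, as an added example that is not pimcore's code: a hypothetical key listing filtered by storeId, built first by string concatenation and then with integer validation and a bound parameter. The table demo_keys, both function names and the sample rows are constructed for illustration, and the script assumes PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed in-memory data standing in for classification store keys.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_keys (id INTEGER PRIMARY KEY, storeId INTEGER, name TEXT)');
$db->exec("INSERT INTO demo_keys (storeId, name) VALUES (1, 'color'), (1, 'size'), (2, 'internal_cost')");

// Vulnerable pattern: the request value becomes part of the SQL text.
function listKeysUnsafe(PDO $db, string $storeId): array
{
    $sql = 'SELECT name FROM demo_keys WHERE storeId = ' . $storeId;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: accept only an integer, then bind it as a typed parameter.
function listKeysSafe(PDO $db, string $storeId): array
{
    $id = filter_var($storeId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('storeId must be a positive integer');
    }
    $stmt = $db->prepare('SELECT name FROM demo_keys WHERE storeId = :storeId');
    $stmt->bindValue(':storeId', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$legit    = '1';
$tampered = '1 OR 1=1'; // constructed non-numeric value that alters the WHERE clause

// The unsafe version returns rows from every store for the tampered value.
echo 'unsafe, legit:    ', implode(', ', listKeysUnsafe($db, $legit)), PHP_EOL;
echo 'unsafe, tampered: ', implode(', ', listKeysUnsafe($db, $tampered)), PHP_EOL;

// The safe version returns only store 1 and rejects anything that is not an integer.
echo 'safe, legit:      ', implode(', ', listKeysSafe($db, $legit)), PHP_EOL;
try {
    listKeysSafe($db, $tampered);
} catch (InvalidArgumentException $e) {
    echo 'safe, tampered:   rejected (', $e->getMessage(), ')', PHP_EOL;
}
```

Validation and binding are complementary: the integer check rejects malformed input early, while the bound parameter keeps the value out of the SQL text even if validation is later relaxed.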