How severe is CVE-2023-28438?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2023-28438?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2023-28438 - HIGH Severity | CVSS 8

Vulnerability Description

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually.

Related Vulnerabilities

CVE-2015-10038

HIGH

CVSS:8.0(High)

A vulnerability was found in nym3r0s pplv2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named 28...

CWE-892015

CVE-2015-10039

HIGH

CVSS:8.0(High)

A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in the library src/Complex.Domino.Lib/Lib/EntityFactory.cs. The manipulat...

CWE-892015

CVE-2015-8356

HIGH

CVSS:8.0(High)

Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admi...

CWE-892015

CVE-2018-16850

HIGH

CVSS:8.0(High)

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can caus...

CWE-892018

CVE-2020-10802

HIGH

CVSS:8.0(High)

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search acti...

CWE-892020

CVE-2020-10804

HIGH

CVSS:8.0(High)

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/User...

CWE-892020