CVE-2015-4426 – SQL Injection In Pimcore CMS

Posted by Portcullis Advisories on Jul 13

Vulnerability title: SQL Injection In Pimcore CMS
CVE: CVE-2015-4426
Vendor: Pimcore
Product: Pimcore CMS
Affected version: Build 3450
Fixed version: Build 3473
Reported by: Josh Foote
Details:

It was possible to inject arbitrary SQL into the application, given an administrative account with the ‘assets’ privilege.

Further details at:…
