Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-2756

MEDIUM
Published 2023-05-17T00:00:00.000Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-2756. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.0
6.5
/10
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.055
probability
of exploitation in the wild

There is a 5.5% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.897
Higher than 89.7% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Description

SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

pimcore

pimcore/customer-data-framework

Affected Versions:

unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query

GHSA-25fx-3c2q-cq46

Advisory Details

### Impact An administrator user can use the inheritable segments feature to execute his own blind SQL queries. A user with administrator privileges can run any SQL query on database. This can be used to retrieve sensitive data, change database information or any other malicious activity against the database. ### Patches Update to version 3.3.10 or apply this patch manually https://github.com/pimcore/customer-data-framework/commit/76df151737b7964ce5169fdf9e27a0ad801757fe.patch ### Workarounds Apply https://github.com/pimcore/customer-data-framework/commit/76df151737b7964ce5169fdf9e27a0ad801757fe.patch manually. ### References https://huntr.dev/bounties/cf398528-819f-456e-88e7-c06d268d3f44/

Affected Packages

Packagist pimcore/customer-management-framework-bundle
ECOSYSTEM: ≥0 <3.3.10

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

WEB https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-25fx-3c2q-cq46
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-2756
WEB https://github.com/pimcore/customer-data-framework/commit/76df151737b7964ce5169fdf9e27a0ad801757fe
PACKAGE https://github.com/pimcore/customer-data-framework
WEB https://huntr.dev/bounties/cf398528-819f-456e-88e7-c06d268d3f44

Advisory provided by GitHub Security Advisory Database. Published: May 17, 2023, Modified: May 25, 2023

References

https://huntr.dev/bounties/cf398528-819f-456e-88e7-c06d268d3f44
https://github.com/pimcore/customer-data-framework/commit/76df151737b7964ce5169fdf9e27a0ad801757fe
Published: 2023-05-17T00:00:00.000Z
Last Modified: 2025-01-22T18:08:00.855Z
Copied to clipboard!