漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
Vulnerability Description
CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the `CustomerTransformerController` within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error disclosure and potential data extraction. Version 4.1.9 fixes the issue.
CVSS Information
N/A
Vulnerability Type
SQL注入:Hibernate
Vulnerability Title
CoreShop 安全漏洞
Vulnerability Description
CoreShop是CoreShop开源的一个电子商务系统。 CoreShop 4.1.9之前版本存在安全漏洞,该漏洞源于CustomerTransformerController中用户输入被不当内插到SQL查询,可能导致SQL注入和数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A