customer-data-framework — Vulnerabilities & Security Advisories 5

All 5 CVE vulnerabilities found in customer-data-framework, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-11956	Pimcore customer-data-framework list sql injection CWE-89	4.7	Medium	2025-01-28
CVE-2024-21667	Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts CWE-284	6.5	Medium	2024-01-11
CVE-2024-21666	Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list CWE-284	6.5	Medium	2024-01-11
CVE-2023-49076	Pimcore missing token/header to prevent CSRF CWE-352	4.3	Medium	2023-11-30
CVE-2023-32075	Pimcore vulnerable to Business Logic Errors in Customer automation rules CWE-20	4.3	Medium	2023-05-11

All 5 known CVE vulnerabilities affecting customer-data-framework with full Chinese analysis, references, and POCs where available.