CVE-2023-5192 : Excessive Data Query Operations in a Large Data Table in GitHub repository pimco

Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0.

Published 2023-09-27 15:19:43

Updated 2023-09-29 13:00:15

Source huntr.dev

View at NVD, CVE.org

Products affected by CVE-2023-5192

Pimcore » Core
Versions before (<) 10.3.0
cpe:2.3:a:pimcore:core:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 31 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.1	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H	0.9	5.2	huntr.dev
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: High Availability: High
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L	3.9	2.5	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: Low

CWE-1049 Excessive Data Query Operations in a Large Data Table

The product performs a data query with a large number of joins and sub-queries on a large data table.

Assigned by: security@huntr.dev (Primary)

https://github.com/pimcore/demo/commit/a2a7ff3b565882aefb759804aac4a51afb458f1f

Disable introspection (#437) · pimcore/demo@a2a7ff3 · GitHub
Patch
https://huntr.dev/bounties/65c954f2-79c3-4672-8846-a3035e7a1db7

Instropection query is enabled on demo.pimcore.fun vulnerability found in demo
Exploit;Third Party Advisory

Jump to