7.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-7759

GHSA ID

GHSA-8jmh-c6vr-pmvm

EPSS Score

0.07061%

CWE

CWE-89

Published

5/6/2021

Updated

2/1/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-7759

CVE-2020-7759: SQL Injection in pimcore

"The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{"keyId"%3a"''","groupId"%3a"'asd'))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,'',11,12,'',14+from+users)+--+"}]"

(GitHub Advisory)

7.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-7759

GHSA ID

GHSA-8jmh-c6vr-pmvm

EPSS Score

0.07061%

CWE

CWE-89

Published

5/6/2021

Updated

2/1/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
pimcore/pimcore	composer	>= 6.7.2, < 6.8.3	6.8.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is explicitly in ClassificationstoreController's data classification functionality
The exploit uses the 'relationIds' parameter which is handled by the relations endpoint
The GitHub PR #7315 shows the fix involved adding proper quoting for relationIds in SQL queries
The vulnerability pattern matches unsafe SQL concatenation with user-controlled input
Controller actions in Symfony-based Pimcore typically map directly to methods named {actionName}Action

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

"T** p**k*** pim*or*/pim*or* *rom *.*.* *n* ***or* *.*.* *r* vuln*r**l* to SQL Inj**tion in **t* *l*ssi*i**tion *un*tion*lity in *l*ssi*i**tionstor**ontroll*r. T*is **n ** *xploit** *y s*n*in* * sp**i*i**lly-*r**t** input in t** r*l*tionI*s p*r*m*t*r

Reasoning

*. T** vuln*r**ility is *xpli*itly in *l*ssi*i**tionstor**ontroll*r's **t* *l*ssi*i**tion *un*tion*lity *. T** *xploit us*s t** 'r*l*tionI*s' p*r*m*t*r w*i** is **n*l** *y t** r*l*tions *n*point *. T** *it*u* PR #**** s*ows t** *ix involv** ***in* pr

7.2

Basic Information

Concerned about an active attack path?

CVE-2020-7759: SQL Injection in pimcore

7.2

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI