pimcore/pimcore is a content & product management framework (CMS/PIM/E-Commerce).
Affected versions of this package are vulnerable to SQL Injection.
An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via
tables parameters, using a payload for trigger a time based or error based sql injection.
pimcore/pimcore to version 6.3.0 or higher.