exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 2 of 2 RSS Feed

CVE-2018-14058

Status Candidate

Overview

Pimcore before 5.3.0 allows SQL Injection via the REST web service API.

Related Files

Pimcore Gather Credentials via SQL Injection
Posted Aug 31, 2024
Authored by Shelby Pace, N. Rai-Ngoen, Thongchai Silpavarangkura | Site metasploit.com

This Metasploit module extracts the usernames and hashed passwords of all users of the Pimcore web service by exploiting a SQL injection vulnerability in Pimcores REST API. Pimcore begins to create password hashes by concatenating a users username, the name of the application, and the users password in the format USERNAME:pimcore:PASSWORD. The resulting string is then used to generate an MD5 hash, and then that MD5 hash is used to create the final hash, which is generated using PHPs built-in password_hash function.

tags | exploit, web, php, sql injection
advisories | CVE-2018-14058
SHA-256 | a1fac0dca0eb708a1348babebd5e4be27016a27680c8d2967d94171f313a98ca
Pimcore 5.2.3 CSRF / Cross Site Scripting / SQL Injection
Posted Aug 16, 2018
Authored by T. Silpavarangkura, N. Rai-Ngoen | Site sec-consult.com

Pimcore versions 5.2.3 and below suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2018-14057, CVE-2018-14058, CVE-2018-14059
SHA-256 | aba5d313c5fdfdbdc045ef60b644c928c5b431384880c30e65d8e7dc0393c95b
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    49 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close