CVE-2021-31869 MEDIUM

CVE-2021-31869: Pimcore AdminBundle 'specificID' SQL Injection

Vendor Pimcore

Product Pimcore AdminBundle

Weakness CWE-89 · SQLi

Published August 4, 2021

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product.

Key dates

02Disclosure timeline

August 4, 2021 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-31869

Related vulnerabilities

04Related CVE

CVE-2025-13568 itsourcecode COVID Tracking System page sql injection CVE-2025-64488 SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module CVE-2025-2675 PHPGurukul Bank Locker Management System add-lockertype.php sql injection CVE-2026-4815 SQL Injection vulnerability in Support Board CVE-2024-8335 OpenRapid RapidCMS runlogon.php sql injection