Security Vulnerability Report
CVE-2026-22242 CVSS 4.9 MEDIUM

Published: 2026-01-08 10:15:56
Last Modified: 2026-01-12 16:42:52

Description

CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by the application is read-only and non-DBA, limiting impact to confidential data disclosure only. No data modification or service disruption is possible. This issue has been patched in version 4.1.8.

CVSS Details

CVSS Score: 4.9
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:coreshop:coreshop:*:*:*:*:*:*:*:* - VULNERABLE
CoreShop < 4.1.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
Boolean-based blind injection examples:
1' AND 1=1--
1' AND 1=2--

Time-based blind injection example:
1'; SELECT CASE WHEN (1=1) THEN pg_sleep(5) ELSE pg_sleep(0) END--

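References

https://github.com/coreshop/CoreShop/commit/59e84fec59d113952b6d28a9b30c6317f9e6e5dd (Patch)
https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4 (Exploit, Vendor Advisory)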

Raw JSON Data

{"cve": {"id": "CVE-2026-22242", "sourceIdentifier": "[email protected]", "published": "2026-01-08T10:15:56.127", "lastModified": "2026-01-12T16:42:51.783", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by the application is read-only and non-DBA, limiting impact to confidential data disclosure only. No data modification or service disruption is possible. This issue has been patched in version 4.1.8."}, {"lang": "es", "value": "CoreShop es una solución de comercio electrónico mejorada con Pimcore. Antes de la versión 4.1.8, existe una vulnerabilidad de inyección SQL ciega en la aplicación que permite a un usuario autenticado con nivel de administrador extraer el contenido de la base de datos utilizando técnicas basadas en booleanos o en tiempo. La cuenta de la base de datos utilizada por la aplicación es de solo lectura y no es DBA, limitando el impacto solo a la divulgación de datos confidenciales. No es posible la modificación de datos ni la interrupción del servicio. Este problema ha sido parcheado en la versión 4.1.8."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-564"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:coreshop:coreshop:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.1.8", "matchCriteriaId": "6D2A63DE-1084-454E-934C-6F3A9BF401DD"}]}]}], "references": [{"url": "https://github.com/coreshop/CoreShop/commit/59e84fec59d113952b6d28a9b30c6317f9e6e5dd", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}]}}