{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T01:07:08.526","vulnerabilities":[{"cve":{"id":"CVE-2026-22242","sourceIdentifier":"security-advisories@github.com","published":"2026-01-08T10:15:56.127","lastModified":"2026-01-12T16:42:51.783","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by the application is read-only and non-DBA, limiting impact to confidential data disclosure only. No data modification or service disruption is possible. This issue has been patched in version 4.1.8."},{"lang":"es","value":"CoreShop es una solución de comercio electrónico mejorada con Pimcore. Antes de la versión 4.1.8, existe una vulnerabilidad de inyección SQL ciega en la aplicación que permite a un usuario autenticado con nivel de administrador extraer el contenido de la base de datos utilizando técnicas basadas en booleanos o en tiempo. La cuenta de la base de datos utilizada por la aplicación es de solo lectura y no es DBA, limitando el impacto solo a la divulgación de datos confidenciales. No es posible la modificación de datos ni la interrupción del servicio. \nEste problema ha sido parcheado en la versión 4.1.8."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-564"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coreshop:coreshop:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.8","matchCriteriaId":"6D2A63DE-1084-454E-934C-6F3A9BF401DD"}]}]}],"references":[{"url":"https://github.com/coreshop/CoreShop/commit/59e84fec59d113952b6d28a9b30c6317f9e6e5dd","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}