CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Coreshop: >> Coreshop >> 4.1.8 Security Vulnerabilities

CVE-2026-23959

CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the `CustomerTransformerController` within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error disclosure and potential data extraction. Version 4.1.9 fixes the issue.

CVSS Score

4.9

EPSS Score

0.0

Published

2026-01-22

Page 1

Vulnerabilities

Vulnerable Software

Coreshop: >> Coreshop >> 4.1.8 Security Vulnerabilities

Products

Pricing

Contact Us