CVE-2026-23959 - CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

CVE ID : CVE-2026-23959 Published : Jan. 22, 2026, 3:15 a.m. | 30 minutes ago Description : CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the `CustomerTransformerController` within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error disclosure and potential data extraction. Version 4.1.9 fixes the issue. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...