[HIGH] Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save

PKSA-vp19-ydt7-tws9 CVE-2026-5394 GHSA-r2f4-ff2p-xc64

Affected package: pimcore/pimcore

Affected version: <=12.3.6

Reported by:
GitHub