Lucene search

Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()

🗓️ 15 Nov 2023 14:24:53Reported by GoogleType

osv🔗 osv.dev👁 24 Views

Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt(). User input allows executing arbitrary SQL statements

Reporter	Title	Published	Views	Family All 8
Veracode	Sql Injection	16 Nov 202306:13	–	veracode
Prion	Design/Logic Flaw	15 Nov 202320:15	–	prion
Github Security Blog	Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()	15 Nov 202314:53	–	github
Vulnrichment	CVE-2023-47637 SQL Injection in Admin Grid Filter API in Pimcore	15 Nov 202319:13	–	vulnrichment
Cvelist	CVE-2023-47637 SQL Injection in Admin Grid Filter API in Pimcore	15 Nov 202319:13	–	cvelist
NVD	CVE-2023-47637	15 Nov 202320:15	–	nvd
CVE	CVE-2023-47637	15 Nov 202320:15	–	cve
OSV	CVE-2023-47637	15 Nov 202320:15	–	osv

Source	Link
github	www.github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-47637
github	www.github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0
github	www.github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php
github	www.github.com/pimcore/pimcore
github	www.github.com/pimcore/pimcore/blob/42b6cfa77c4540205bdd10689893ccb73e4bac8f/models/DataObject/ClassDefinition/Data/Multiselect.php

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Nov 2023 14:53Current

8.3High risk

Vulners AI Score8.3

CVSS38.8

EPSS0.00128

SSVC