3 matches found
CVE-2023-47637
Pimcore is an Open Source Data & Experience Management Platform. In affected versions the /admin/object/grid-proxy endpoint calls getFilterCondition on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of getFilterConditi...
CVE-2023-47637 SQL Injection in Admin Grid Filter API in Pimcore
Pimcore is an Open Source Data & Experience Management Platform. In affected versions the /admin/object/grid-proxy endpoint calls getFilterCondition on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of getFilterConditi...
CVE-2023-47637
Pimcore contains a SQL injection in the Admin Grid Filter API. In affected versions, the /admin/object/grid-proxy endpoint calls getFilterCondition() on class fields to build SQL from user input, and Multiselect’s implementation does not normalize/escape/validate that input. This allows any backe...