5 matches found
Input validation
Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results based on one or more columns, which should be quoted by default. The actual issue is that quoting i...
CVE-2022-31092 SQL injection in pimcore
Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results based on one or more columns, which should be quoted by default. The actual issue is that quoting i...
SQL Injection
pimcore/pimcore is vulnerable to SQL injection. The vulnerability exists due to improper quoting of columns in the setOrderKey and setGroupBy functions of AbstractListing.php when using setOrderBy or setGroupBy on listing classes...
Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore
Impact: Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results based on one or more columns, which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the...
GHSA-GVMF-WCX6-P974 Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore
Impact: Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results based on one or more columns, which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the...