SQL Injection

pimcore/pimcore is vulnerable to sql injection. The vulnerability exists due to improper quoting of columns in setOrderKey function and setGroupBy function of AbstractListing.php when using setOrderBy or setGroupBy on listing classes...