4 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection in the processing of JSON filter parameters in the translation grid endpoint, specifically when handling the property field in date filters. An attacker can extract arbitrary database data and potentially achieve remote co...
Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter
GitHub Security Advisory Draft — GM-369 Summary SQL injection in Pimcore's translation grid date filter — the user-supplied property field from the filter JSON is interpolated directly into a UNIXTIMESTAMPDATEFROMUNIXTIME... SQL expression without parameterization or allowlist validation. Severit...
GHSA-H4PH-CRVJ-9H92 Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter
GitHub Security Advisory Draft — GM-369 Summary SQL injection in Pimcore's translation grid date filter — the user-supplied property field from the filter JSON is interpolated directly into a UNIXTIMESTAMPDATEFROMUNIXTIME... SQL expression without parameterization or allowlist validation. Severit...
PT-2026-43629
GitHub Security Advisory Draft — GM-369 Summary SQL injection in Pimcore's translation grid date filter — the user-supplied property field from the filter JSON is interpolated directly into a UNIX TIMESTAMPDATEFROM UNIXTIME... SQL expression without parameterization or allowlist validation...