Lucene search
+L

4 matches found

snyk
snyk
added 2026/05/27 12:35 a.m.6 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the processing of JSON filter parameters in the translation grid endpoint, specifically when handling the property field in date filters. An attacker can extract arbitrary database data and potentially achieve remote co...

8.8CVSS6.6AI score0.00035EPSS
Exploits0References2
github
github
added 2026/05/27 12:35 a.m.17 views

Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter

GitHub Security Advisory Draft — GM-369 Summary SQL injection in Pimcore's translation grid date filter — the user-supplied property field from the filter JSON is interpolated directly into a UNIXTIMESTAMPDATEFROMUNIXTIME... SQL expression without parameterization or allowlist validation. Severit...

6.9CVSS6.3AI score0.00457EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/05/27 12:35 a.m.5 views

GHSA-H4PH-CRVJ-9H92 Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter

GitHub Security Advisory Draft — GM-369 Summary SQL injection in Pimcore's translation grid date filter — the user-supplied property field from the filter JSON is interpolated directly into a UNIXTIMESTAMPDATEFROMUNIXTIME... SQL expression without parameterization or allowlist validation. Severit...

8.8CVSS6.3AI score0.00035EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.28 views

PT-2026-43629

GitHub Security Advisory Draft — GM-369 Summary SQL injection in Pimcore's translation grid date filter — the user-supplied property field from the filter JSON is interpolated directly into a UNIX TIMESTAMPDATEFROM UNIXTIME... SQL expression without parameterization or allowlist validation...

8.8CVSS6.1AI score0.00457EPSS
Exploits1References6
Rows per page
Query Builder