GHSA-2v7p-f4qm-r5pc

Source

https://github.com/advisories/GHSA-2v7p-f4qm-r5pc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-2v7p-f4qm-r5pc/GHSA-2v7p-f4qm-r5pc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2v7p-f4qm-r5pc

Aliases

CVE-2022-1429

Published

2022-04-23T00:03:03Z

Modified

2023-11-08T04:07:48.565759Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

SQL Injection found in Pimcore

Details

Pimcore is an open source data & experience management platform. A SQL injection was discovered in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6.

Database specific

{
    "nvd_published_at": "2022-04-22T09:15:00Z",
    "github_reviewed_at": "2022-05-03T21:01:41Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-89"
    ]
}

References

Affected packages

Packagist / pimcore/pimcore

Package

Name: pimcore/pimcore
Purl: pkg:composer/pimcore/pimcore

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.3.6

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.3.0

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.1.0

3.1.1

4.*

4.0.0

4.0.1

4.1.0

4.1.1

4.1.2

4.1.3

4.2.0

4.3.0

4.3.1

4.4.0

4.4.1

4.4.2

4.4.3

4.5.0

4.6.0

4.6.1

4.6.2

4.6.3

4.6.4

4.6.5

v5.*

v5.0.0-RC

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.1.0-alpha

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v5.2.0

v5.2.1

v5.2.2

v5.2.3

v5.3.0

v5.3.1

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v5.5.0

v5.5.1

v5.5.2

v5.5.3

v5.5.4

v5.6.0

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.6.6

v5.7.0

v5.7.1

v5.7.2

v5.7.3

v5.8.0

v5.8.1

v5.8.2

v5.8.3

v5.8.4

v5.8.5

v5.8.6

v5.8.7

v5.8.8

v5.8.9

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.1.0

v6.1.1

v6.1.2

v6.2.0

v6.2.1

v6.2.2

v6.2.3

v6.3.0

v6.3.1

v6.3.2

v6.3.3

v6.3.4

v6.3.5

v6.3.6

v6.4.0

v6.4.1

v6.4.2

v6.5.0

v6.5.1

v6.5.2

v6.5.3

v6.6.0

v6.6.1

v6.6.2

v6.6.3

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.6.10

v6.6.11

v6.7.0

v6.7.1

v6.7.2

v6.7.3

v6.8.0

v6.8.1

v6.8.2

v6.8.3

v6.8.4

v6.8.5

v6.8.6

v6.8.7

v6.8.8

v6.8.9

v6.8.10

v6.8.11

v6.8.12

v6.9.0

v6.9.1

v6.9.2

v6.9.3

v6.9.4

v6.9.5

v6.9.6

v10.*

v10.0.0-BETA1

v10.0.0-BETA2

v10.0.0-BETA3

v10.0.0-BETA4

v10.0.0

v10.0.1

v10.0.2

v10.0.3

v10.0.4

v10.0.5

v10.0.6

v10.0.7

v10.0.9

v10.1.0

v10.1.1

v10.1.2

v10.1.3

v10.1.4

v10.1.5

v10.2.0

v10.2.1

v10.2.2

v10.2.3

v10.2.4

v10.2.5

v10.2.6

v10.2.7

v10.2.8

v10.2.9

v10.2.10

v10.3.0

v10.3.1

v10.3.2

v10.3.3

v10.3.4

v10.3.5

10.*

10.0.8