SQL Injection in Admin Grid Filter API in Pimcore
CVE-2023-47637
What is CVE-2023-47637?
The Pimcore Open Source Data & Experience Management Platform is vulnerable to SQL injection through the /admin/object/grid-proxy endpoint. This vulnerability arises when the getFilterCondition() method processes unsanitized input, permitting malicious users with basic permissions to execute arbitrary SQL queries. This flaw could lead to unauthorized data modifications or privilege escalations to admin-level access. Users are strongly encouraged to upgrade to version 11.1.1 to mitigate risks associated with this vulnerability. No workarounds are available.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
pimcore < 11.1.1
References
EPSS Score
77% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved