CVE-2023-47637
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | pimcore/pimcore | <11.1.1 | 11.1.1 |
References
- https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p
- https://nvd.nist.gov/vuln/detail/CVE-2023-47637
- https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0
- https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311
- https://github.com/pimcore/pimcore
- https://github.com/pimcore/pimcore/blob/42b6cfa77c4540205bdd10689893ccb73e4bac8f/models/DataObject/ClassDefinition/Data/Multiselect.php#L285-L312
Verify integrity in audit chain (admin only). AS-IS.