Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.
References
Link | Resource |
---|---|
https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch | Patch |
https://github.com/pimcore/pimcore/pull/14972 | Vendor Advisory |
https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-27T15:03:31.257Z
Updated: 2023-04-27T15:03:31.257Z
Reserved: 2023-04-18T16:13:15.881Z
Link: CVE-2023-30848
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-27T16:15:11.273
Modified: 2023-05-05T16:53:10.463
Link: CVE-2023-30848
JSON object: View
Redhat Information
No data.
CWE