CVE-2023-3820: [Bug]: Quote sorting key (#15523) · pimcore/pimcore@e641968

SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.

Category: CVE. Tags: #sql #js #git

Expand Up @@ -571,15 +571,16 @@ public function prepareListingForGrid(array $requestParams, string $requestedLan if (strpos($orderKey, ‘?’) !== false) { $brickDescriptor = substr($orderKeyParts[0], 1); $brickDescriptor = json_decode($brickDescriptor, true); $db = Db::get(); $orderKey = $db->quoteIdentifier($brickDescriptor[‘containerKey’] . ‘_localized’) . ‘.’ . $db->quoteIdentifier($brickDescriptor[‘brickfield’]); $orderKey = $list->quoteIdentifier($brickDescriptor[‘containerKey’] . ‘_localized’) . ‘.’ . $list->quoteIdentifier($brickDescriptor[‘brickfield’]); $doNotQuote = true; } elseif (count($orderKeyParts) === 2) { $orderKey = $orderKeyParts[0].’.’.$orderKeyParts[1]; $orderKey = $list->quoteIdentifier($orderKeyParts[0]) . ‘.’ . $list->quoteIdentifier($orderKeyParts[1]); $doNotQuote = true; } } else { $orderKey = $list->getDao()->getTableName().’.’.$orderKey; $orderKey = $list->getDao()->getTableName() . ‘.’ . $list->quoteIdentifier($orderKey); $doNotQuote = true; } } Expand Down
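Review bot: The `?` branch still trusts the decoded brick descriptor: `$brickDescriptor = json_decode($brickDescriptor, true);` is followed directly by `$list->quoteIdentifier($brickDescriptor['containerKey'] . '_localized')` with no check that `json_decode` returned an array containing both `containerKey` and `brickfield`, so a malformed order key produces a null-derived identifier (and a PHP notice) instead of a clean rejection; add an explicit `is_array()` and key-presence check and fail the request before `$orderKey` is built. Switching all three branches to `quoteIdentifier` closes the raw-concatenation paths that the removed `$orderKeyParts[0].'.'.$orderKeyParts[1]` and `getTableName().'.'.$orderKey` lines left open, but identifier quoting only neutralises the value syntactically; since the sort key comes from the request, the more robust fix is to also validate each part against the class's defined field names so that only known columns can be used for sorting.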

Related news

GHSA-c9hw-557q-f8hq: Pimcore vulnerable to SQL Injection in Dataobjects sorting

### Impact

Using SQL exploitation tools such as sqlmap, an attacker can enumerate all information in the database, alter data, or perform a denial of service against the backend database.

### Patches

Update to version 10.6.5 or apply this patch manually: https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97.patch

### Workarounds

Apply the patch https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97.patch manually.

### References

https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db/
