CVE-2023-30848
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-30848
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-30848.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-30848
- Aliases
- Published
- 2023-04-27T15:03:31.257Z
- Modified
- 2025-11-29T14:14:12.707200Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Pimcore SQL Injection Vulnerability in Admin Search Find API
- Details
-
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.
- Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/30xxx/CVE-2023-30848.json", "cwe_ids": [ "CWE-89" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/30xxx/CVE-2023-30848.json
- https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch
- https://github.com/pimcore/pimcore/pull/14972
- https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8
- https://nvd.nist.gov/vuln/detail/CVE-2023-30848
Affected packages
Git / github.com/pimcore/pimcore
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pimcore/pimcore
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.2.0
2.2.1
2.2.2
2.3.0
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.1.1
4.*
4.0.0
4.0.1
4.1.0
4.1.1
4.1.2
4.1.3
4.2.0
4.3.0
4.3.1
4.4.0
4.4.1
4.4.2
4.4.3
4.5.0
v10.*
v10.0.0
v10.0.0-BETA1
v10.0.0-BETA2
v10.0.0-BETA3
v10.0.0-BETA4
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.0.6
v10.0.7
v10.0.8
v10.0.9
v10.1.0
v10.1.1
v10.1.2
v10.1.3
v10.1.4
v10.1.5
v10.2.0
v10.2.1
v10.2.10
v10.2.2
v10.2.3
v10.2.4
v10.2.5
v10.2.6
v10.2.7
v10.2.8
v10.2.9
v10.3.0
v10.3.1
v10.3.2
v10.3.3
v10.3.4
v10.3.5
v10.3.6
v10.4.0
v10.4.1
v10.4.2
v10.4.3
v10.4.4
v10.4.5
v10.4.6
v10.5.0
v10.5.1
v10.5.10
v10.5.11
v10.5.12
v10.5.13
v10.5.14
v10.5.15
v10.5.16
v10.5.17
v10.5.18
v10.5.19
v10.5.2
v10.5.20
v10.5.3
v10.5.4
v10.5.5
v10.5.6
v10.5.7
v10.5.8
v10.5.9
v5.*
v5.0.0
v5.0.0-RC
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.1.0
v5.1.0-alpha
v5.1.1
v5.1.2
v5.1.3
v5.2.0
v5.2.3
v5.3.0
v5.3.1
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.5.0
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.6.0
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.7.0
v5.7.1
v5.7.2
v5.7.3
v5.8.0
v5.8.1
v5.8.2
v5.8.3
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.1.0
v6.1.1
v6.1.2
v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.3.0
v6.3.1
v6.3.2
v6.3.3
v6.3.4
v6.3.5
v6.3.6
v6.4.0
v6.4.1
v6.4.2
v6.5.0
v6.5.1
v6.5.2
v6.5.3
v6.6.0
v6.6.1
v6.6.10
v6.6.11
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7.0
v6.7.1
v6.7.2
v6.7.3
v6.8.0
v6.8.1
v6.8.10
v6.8.11
v6.8.12
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6