High severity · NVD Advisory · Published Apr 27, 2023 · Updated Jan 30, 2025
Pimcore SQL Injection Vulnerability in Admin Translations API
CVE-2023-30850
Description
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pimcore/pimcore (Packagist) | < 10.5.21 | 10.5.21 |
Affected products
Patches
7e32cc281452 · fixed sql injection in translation api (#14952)
1 file changed · +1 −1
bundles/AdminBundle/Controller/Admin/TranslationController.php+1 −1 modified@@ -650,7 +650,7 @@ protected function getGridFilterCondition(Request $request, $tableName, $languag } if ($field && $value) { - $condition = $field . ' ' . $operator . ' ' . $db->quote($value); + $condition = $db->quoteIdentifier($field) . ' ' . $operator . ' ' . $db->quote($value); if ($languageMode) { $conditions[$fieldname] = $condition;
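Review bot: `$operator` is still concatenated into `$condition` unquoted on the changed line in `getGridFilterCondition()`, and the hunk does not show where it is assigned, so please confirm it can only take values from a fixed set of comparison operators and never carries request input through. For `$field`, `$db->quoteIdentifier($field)` stops the value from breaking out of identifier context, but it still lets the caller name any column; consider also checking `$field` against the known columns of `$tableName` before building the condition, and add a regression test that sends a filter whose field name contains SQL syntax.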
References
- github.com/advisories/GHSA-jwg4-qcgv-5wg6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-30850 (ghsa, ADVISORY)
- github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38 (ghsa, WEB)
- github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch (ghsa, x_refsource_MISC, WEB)
- github.com/pimcore/pimcore/pull/14952 (ghsa, x_refsource_MISC, WEB)
- github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6 (ghsa, x_refsource_CONFIRM, WEB)