CVE-2022-1429
Published 2022-04-22
CVE-2022-1429: SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing data.
Priority: P261 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 64.61% (99.1th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pimcore | pimcore | < 10.3.6 | 10.3.6 |
| pimcore | pimcore | >= 0 < 10.3.6 | 10.3.6 |
| pimcore | pimcore_pimcore | >= unspecified < 10.3.6 | 10.3.6 |
CVSS provenance
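| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| cisa | | 7.5 | HIGH | |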
OSV
SQL Injection found in Pimcore
osv·2022-04-23
CVE-2022-1429 [HIGH] SQL Injection found in Pimcore
Pimcore is an open source data & experience management platform. A SQL injection was discovered in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6.
GHSA
SQL Injection found in Pimcore
ghsa·2022-04-23
CVE-2022-1429 [HIGH] CWE-89 SQL Injection found in Pimcore
Pimcore is an open source data & experience management platform. A SQL injection was discovered in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6.
CISA
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
cisa·2021-11-03·CVSS 7.5
CVE-2019-1429 [HIGH] CWE-416 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Vulnerability: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-1429
Remediation Due Date: 2022-05-03
No detection rules found.
No public exploits indexed.
Published: 2022-04-22