CVE-2022-24752
📋 TL;DR
SyliusGridBundle versions before 1.10.1 (1.10.x line) and before 1.11.0-RC.2 (1.11 pre-release line) contain an SQL injection vulnerability: the user-controlled grid sorting parameters are passed into the generated ORDER BY clause without proper validation. This affects Symfony applications that use SyliusGridBundle for data grid functionality. The vendor advisory describes the issue as an SQL injection risk in the sorting parameters without publishing a concrete exploitation path.
💻 Affected Systems
- SyliusGridBundle
📦 What is this software?
SyliusGridBundle is a Symfony bundle from the Sylius project that builds configurable data grids (listing, filtering, sorting and pagination) on top of Doctrine and other data sources. It is used by the Sylius e-commerce platform and by standalone Symfony applications, and sorting is driven by request query parameters of the form sorting[field]=asc|desc.
⚠️ Risk & Real-World Impact
Worst Case
Full database compromise allowing data exfiltration, modification or deletion, and potentially complete system takeover if the application's database user has write, file or administrative privileges.
Likely Case
Data leakage from every table readable by the application's database user (ORDER BY injection is typically exploited blind, through conditional errors or timing), exposing customer, order or credential data held in the same schema.
If Mitigated
No impact once the sort field and direction are validated against an allowlist before they reach the query builder. ORDER BY clauses cannot be parameterized like values, so strict validation of the field name (against the grid's sortable fields) and the direction (asc or desc only) is the control.
🎯 Exploit Status
Exploitation requires the ability to supply the sorting query parameters to a grid-backed page or API endpoint. Whether authentication is needed depends on where the application exposes grids: admin listings normally require a logged-in user, while storefront listings built on the same bundle may be reachable anonymously. No public exploit is referenced in the advisory linked below.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.10.1 (1.10.x line) or 1.11.0-RC.2 (1.11 pre-release line)
Vendor Advisory: https://github.com/Sylius/SyliusGridBundle/security/advisories/GHSA-2xmm-g482-4439
Restart Required: No
Instructions:
1. Update SyliusGridBundle to 1.10.1 or higher with Composer: composer require sylius/grid-bundle:^1.10.1 (if the bundle is only a transitive dependency, e.g. via sylius/sylius, run composer update sylius/grid-bundle --with-dependencies instead and confirm the resolved version in composer.lock)
2. Clear the Symfony cache: php bin/console cache:clear
3. Verify that no custom sorter, grid driver or overridden service bypasses the fix by reintroducing unvalidated sorting parameters.
🔧 Temporary Workarounds
Custom Sorter Override
Override the vulnerable Sorter class with one that validates the sorting parameters before they reach the query: accept only field names the grid declares as sortable and only the directions asc and desc, and reject everything else.
1. Create a custom class implementing Sylius\Component\Grid\Sorting\SorterInterface (replacing, rather than extending, the bundle's Sylius\Component\Grid\Sorting\Sorter if it is declared final) that applies the validated sorting logic
2. Register the custom class in the Symfony service container in place of the bundle's sorter service
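As an added example (not SyliusGridBundle's own code, and not a reproduction of its Sorter class signature), the following PHP shows the vulnerable concatenation pattern next to the validation an override should perform before anything reaches ORDER BY. The grid field allowlist, column mapping and request payloads are constructed for illustration.

```php
<?php
// Added example, not SyliusGridBundle code: validating grid sorting parameters
// before they are turned into an ORDER BY clause. The sortable-field map, the
// request payloads and the column names below are constructed for illustration.
declare(strict_types=1);

final class SortingValidationException extends \InvalidArgumentException {}

/**
 * Vulnerable pattern: field and direction taken from the request are
 * concatenated into the ORDER BY clause. ORDER BY cannot be bound as a
 * parameter, so whatever the attacker puts in the value becomes SQL.
 *
 * @param array<string,string> $sorting  raw ?sorting[field]=direction input
 */
function buildOrderByUnsafe(array $sorting): string
{
    $parts = [];
    foreach ($sorting as $field => $direction) {
        $parts[] = $field . ' ' . $direction;
    }
    return $parts === [] ? '' : ' ORDER BY ' . implode(', ', $parts);
}

/**
 * Hardened pattern: the field must be one of the grid's sortable fields and is
 * mapped to a column expression the application controls (the raw request
 * string is never emitted), and the direction must be exactly asc or desc.
 *
 * @param array<string,string> $sorting         raw ?sorting[field]=direction input
 * @param array<string,string> $sortableFields  grid field name => column expression (constructed config)
 */
function buildOrderBySafe(array $sorting, array $sortableFields): string
{
    $parts = [];
    foreach ($sorting as $field => $direction) {
        // PHP turns numeric keys into ints; those are never valid field names.
        if (!is_string($field) || !array_key_exists($field, $sortableFields)) {
            throw new SortingValidationException(sprintf('Field "%s" is not sortable.', (string) $field));
        }
        // ?sorting[name][x]=asc arrives as a nested array, not a string.
        if (!is_string($direction)) {
            throw new SortingValidationException(sprintf('Sorting direction for "%s" must be a string.', $field));
        }
        $direction = strtolower($direction);
        if (!in_array($direction, ['asc', 'desc'], true)) {
            throw new SortingValidationException(sprintf('Invalid sorting direction for "%s".', $field));
        }
        $parts[] = $sortableFields[$field] . ' ' . strtoupper($direction);
    }
    return $parts === [] ? '' : ' ORDER BY ' . implode(', ', $parts);
}

// Constructed grid configuration: the only fields this grid allows sorting on.
$sortableFields = ['name' => 'p.name', 'createdAt' => 'p.created_at'];

// Constructed request payloads, as PHP would receive them from the query string.
$benign  = ['createdAt' => 'desc'];
$hostile = ['createdAt' => 'desc, (SELECT CASE WHEN 1=1 THEN 1 ELSE 1/0 END)'];

// The unsafe builder emits the attacker-supplied SQL verbatim inside ORDER BY.
echo buildOrderByUnsafe($hostile), PHP_EOL;

// The safe builder emits only the mapped column and a normalised direction.
echo buildOrderBySafe($benign, $sortableFields), PHP_EOL;

// The same hostile payload is rejected before any SQL is built.
try {
    buildOrderBySafe($hostile, $sortableFields);
} catch (SortingValidationException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The override registered in the service container should apply the same three checks (field in the grid's sortable set, direction is a string, direction in {asc, desc}) to every entry of the sorting parameter, and it should fail closed by throwing or ignoring the request rather than falling back to the raw value.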
🧯 If You Can't Patch
- Add a WAF rule that allowlists the sorting parameters: reject any request whose sorting[...] value is not exactly asc or desc (after URL decoding). Generic SQL-keyword signatures are a weaker fallback, since an ORDER BY injection does not need UNION or SELECT to be harmful.
- Disable sorting in the affected grid definitions (mark fields as not sortable, or remove the sortable option) so the bundle ignores the sorting parameters entirely until the upgrade is possible.
🔍 How to Verify
Check if Vulnerable:
Check the installed version in composer.lock (not the constraint in composer.json) for sylius/grid-bundle below 1.10.1, or a 1.11 pre-release older than 1.11.0-RC.2. With Composer 2.4 or newer, composer audit also reports the advisory against the locked version.
Check Version:
composer show sylius/grid-bundle | grep versions
Verify Fix Applied:
Confirm the resolved version is 1.10.1 or higher (or 1.11.0-RC.2 or higher on the 1.11 line) via composer show sylius/grid-bundle, then confirm the running deployment was rebuilt from that lock file and the cache cleared.
📡 Detection & Monitoring
Log Indicators:
- Database query logs showing ORDER BY clauses that contain anything other than a column or alias followed by ASC/DESC (subselects, CASE expressions, arithmetic, comment sequences)
- SQL syntax errors or HTTP 500 responses in application logs on grid-backed routes, clustered by client IP
Network Indicators:
- HTTP requests whose sorting[...] values are anything other than asc or desc (SQL keywords, parentheses, commas, quotes, comment sequences), including URL-encoded forms such as %5B, %5D, %28 and %2C
- Requests with nested sorting parameters (sorting[field][x]=...) or numeric field names, which no legitimate grid link produces
SIEM Query:
web_requests WHERE url_decode(url_parameters) CONTAINS 'sorting[' AND url_decode(url_parameters) MATCHES 'sorting\[[^\]]*\]=(?!(asc|desc)(&|$))'
A keyword query that requires 'ORDER BY' or 'UNION' in the parameters misses the typical payload: the injected value already lands inside the application's own ORDER BY, so the attacker never has to send those words. Decode the query string before matching, and adapt the negative lookahead if the SIEM's regex dialect lacks it (for example by extracting each sorting value and testing it against an allowlist).
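An added example (not from the page or the project) of the same allowlist check run offline over web server access-log lines, assuming the bundle's default sorting[field]=direction query-parameter shape and a combined-format log. The log lines are constructed, not real traffic.

```php
<?php
// Added example, not SyliusGridBundle code: flagging access-log requests whose
// grid sorting parameters carry anything other than asc/desc. The log lines,
// paths and client addresses are constructed for illustration.
declare(strict_types=1);

/**
 * Returns the request target (path plus query) from a combined-format access
 * log line, or null when the line does not carry a recognisable request field.
 */
function extractRequestTarget(string $line): ?string
{
    if (preg_match('/"(?:GET|POST|PUT|PATCH|DELETE|HEAD) (\S+) HTTP\/[\d.]+"/', $line, $m) !== 1) {
        return null;
    }
    return $m[1];
}

/**
 * Returns field => offending value for every sorting entry that is not exactly
 * asc or desc (case-insensitive). A non-array sorting parameter and nested
 * array values are reported too, since legitimate grid links never produce them.
 *
 * @return array<string,string>
 */
function suspiciousSortingValues(string $target): array
{
    $query = parse_url($target, PHP_URL_QUERY);
    if (!is_string($query) || $query === '') {
        return [];
    }
    parse_str($query, $params); // decodes %5B / %5D and builds the sorting[] array
    if (!array_key_exists('sorting', $params)) {
        return [];
    }
    $sorting = $params['sorting'];
    if (!is_array($sorting)) {
        return ['sorting' => (string) $sorting];
    }
    $hits = [];
    foreach ($sorting as $field => $direction) {
        if (!is_string($direction) || !in_array(strtolower($direction), ['asc', 'desc'], true)) {
            $hits[(string) $field] = is_string($direction) ? $direction : (string) json_encode($direction);
        }
    }
    return $hits;
}

// Constructed log lines: one benign sort, one injected value, one nested
// parameter, one request with no sorting at all.
$lines = [
    '10.0.0.5 - - [12/Mar/2022:10:01:02 +0000] "GET /admin/products/?sorting%5BcreatedAt%5D=desc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Mar/2022:10:01:07 +0000] "GET /admin/products/?sorting%5BcreatedAt%5D=desc%2C%28SELECT%201%29 HTTP/1.1" 500 312 "-" "curl/7.81.0"',
    '10.0.0.9 - - [12/Mar/2022:10:01:09 +0000] "GET /admin/products/?sorting%5Bname%5D%5Bx%5D=asc HTTP/1.1" 200 5120 "-" "curl/7.81.0"',
    '10.0.0.7 - - [12/Mar/2022:10:02:00 +0000] "GET /admin/orders/?page=2 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
];

foreach ($lines as $line) {
    $target = extractRequestTarget($line);
    if ($target === null) {
        continue;
    }
    foreach (suspiciousSortingValues($target) as $field => $value) {
        // First whitespace-delimited token of a combined log line is the client address.
        printf("ALERT client=%s target=%s sorting[%s]=%s\n", strtok($line, ' '), $target, $field, $value);
    }
}
```

Run it against the real access log with the constructed array replaced by a file read; because the check is an allowlist rather than a keyword list, it flags the injected value and the nested parameter without needing to know which SQL the attacker used.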
🔗 References
- https://github.com/Sylius/SyliusGridBundle/commit/73d0791d0575f955e830a3da4c3345f420d2f784
- https://github.com/Sylius/SyliusGridBundle/pull/222
- https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.10.1
- https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.11.0-RC.2
- https://github.com/Sylius/SyliusGridBundle/security/advisories/GHSA-2xmm-g482-4439