CVE-2023-30848

8.8 HIGH

📋 TL;DR

CVE-2023-30848 is a SQL injection vulnerability in Pimcore's admin search find API that allows attackers to execute arbitrary SQL commands. This affects all Pimcore installations prior to version 10.5.21. Attackers could potentially access, modify, or delete database content.

💻 Affected Systems

Products:
  • Pimcore
Versions: All versions prior to 10.5.21
Operating Systems: All platforms running Pimcore
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to the admin search functionality, but no special configuration is needed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, data manipulation, privilege escalation, and potential remote code execution through database functions.

🟠 Likely Case: Unauthorized data access, data exfiltration, and potential privilege escalation within the Pimcore application.

🟢 If Mitigated: Limited impact with proper input validation and database permission restrictions, potentially only allowing data viewing.

🌐 Internet-Facing: HIGH - Admin interfaces are often exposed to the internet, and SQL injection can be exploited remotely.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this, but it requires access to the admin interface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit with basic tools. Requires admin authentication to access the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.5.21

Vendor Advisory: https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8

Restart Required: Yes

Instructions:

1. Backup your Pimcore installation and database.
2. Update Pimcore to version 10.5.21 or later using composer: 'composer require pimcore/pimcore:10.5.21'.
3. Clear cache: 'bin/console cache:clear'.
4. Restart your web server.

🔧 Temporary Workarounds

Manual patch application

all

Apply the security patch from GitHub commit without full upgrade

Apply patch from: https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch

🧯 If You Can't Patch

  • Restrict access to admin interface using network ACLs or VPN
  • Implement web application firewall (WAF) with SQL injection rules

🔍 How to Verify

Check if Vulnerable:

Check the Pimcore version via the admin interface or composer.json. If the version is below 10.5.21, the system is vulnerable.

Check Version:

composer show pimcore/pimcore | grep version

Verify Fix Applied:

Verify that the version is 10.5.21 or higher. Test the admin search functionality to confirm that input is properly validated.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts to admin interface
  • Suspicious search patterns in application logs

Network Indicators:

  • Unusual traffic to /admin/search/find endpoint
  • SQL error messages in HTTP responses

SIEM Query:

source="web_logs" AND (uri="/admin/search/find" AND (status=500 OR contains(message,"SQL")))
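As an added example (not part of this record), the same indicators applied in Python to constructed JSON access-log lines: it matches the endpoint on the path only, flags records meeting the SIEM condition above, and also counts requests per client to surface the "unusual traffic" indicator. The field names, log format and threshold are assumptions; the SQL string match is case-insensitive, slightly broader than the query above.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

ENDPOINT = "/admin/search/find"

# Constructed sample log lines (not real traffic); one JSON object per line.
SAMPLE_LOGS = [
    '{"client": "10.0.0.5", "uri": "/admin/search/find?query=shoes", "status": 200, "message": ""}',
    '{"client": "10.0.0.5", "uri": "/admin/search/find?query=hat", "status": 200, "message": ""}',
    '{"client": "203.0.113.7", "uri": "/admin/search/find?query=x", "status": 500, "message": "SQLSTATE[42000]: Syntax error"}',
    '{"client": "203.0.113.7", "uri": "/admin/search/find?query=y", "status": 200, "message": "An sql error occurred"}',
    '{"client": "203.0.113.7", "uri": "/admin/search/find?query=z", "status": 200, "message": ""}',
    '{"client": "203.0.113.7", "uri": "/admin/login", "status": 401, "message": ""}',
    '{"client": "198.51.100.2", "uri": "/admin/assets", "status": 500, "message": "SQL timeout"}',
    'not json at all',
]

def parse_line(line):
    """Return a dict for a well-formed JSON log line, or None for junk lines."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    return rec if isinstance(rec, dict) and "uri" in rec else None

def hits_endpoint(rec):
    """Compare the path only, so a query string cannot defeat the match."""
    return urlsplit(rec["uri"]).path == ENDPOINT

def is_error_indicator(rec):
    """The page's SIEM condition: HTTP 500 or an SQL error string in the message."""
    return rec.get("status") == 500 or "sql" in str(rec.get("message", "")).lower()

def analyse(lines, per_client_threshold=3):
    """Return (error_hits, noisy_clients): records on the endpoint that match the
    SIEM condition, and clients whose endpoint request count reaches the threshold."""
    error_hits, per_client = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not hits_endpoint(rec):
            continue  # junk line, or some other endpoint: not in scope
        per_client[rec.get("client", "?")] += 1
        if is_error_indicator(rec):
            error_hits.append(rec)
    noisy = {c: n for c, n in per_client.items() if n >= per_client_threshold}
    return error_hits, noisy

if __name__ == "__main__":
    hits, noisy = analyse(SAMPLE_LOGS)
    print(len(hits), "indicator hits;", noisy)
```

The /admin/assets line is a 500 with an SQL message but is not on the endpoint, so it is not counted; tune the threshold to your own baseline of legitimate admin search usage.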
