Published: 15/03/2022 Updated: 25/03/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate the vulnerability. The issue is fixed in versions 1.10.1 and 1.11-rc2. As a workaround, overwrite the`Sylius\Component\Grid\Sorting\Sorter.php` class and register it in the container. More information about this workaround is available in the GitHub Security Advisory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sylius syliusgridbundle
sylius syliusgridbundle 1.11.0

CWE-89 https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.11.0-RC.2 https://github.com/Sylius/SyliusGridBundle/security/advisories/GHSA-2xmm-g482-4439 https://github.com/Sylius/SyliusGridBundle/pull/222 https://github.com/Sylius/SyliusGridBundle/commit/73d0791d0575f955e830a3da4c3345f420d2f784 https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.10.1 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-24752

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect