CVE-2023-2338 - Vulnerability Details

Vendors	Products
Pimcore	Pimcore

Link	Providers
https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520
https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-2338", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "dateUpdated": "2025-02-03T16:28:46.713Z", "dateReserved": "2023-04-27T00:00:00.000Z", "datePublished": "2023-04-27T00:00:00.000Z"}, "containers": {"cna": {"title": " SQL Injection in pimcore/pimcore", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-04-27T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21."}], "affected": [{"vendor": "pimcore", "product": "pimcore/pimcore", "versions": [{"version": "unspecified", "lessThan": "10.5.21", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462"}, {"url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command", "cweId": "CWE-89"}]}], "source": {"advisory": "bbf59fa7-cf5b-4945-81b0-328adc710462", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:19:14.801Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462", "tags": ["x_transferred"]}, {"url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-03T16:28:43.287625Z", "id": "CVE-2023-2338", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-03T16:28:46.713Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2023-2338 (string)

assignerOrgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

assignerShortName : @huntrdev (string)

dateUpdated : 2025-02-03T16:28:46.713Z (string)

dateReserved : 2023-04-27T00:00:00.000Z (string)

datePublished : 2023-04-27T00:00:00.000Z (string)

}

containers : { »

cna : { »

title : SQL Injection in pimcore/pimcore (string)

providerMetadata : { »

orgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

shortName : @huntrdev (string)

dateUpdated : 2023-04-27T00:00:00.000Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. (string)

}

]

affected : [ »

0 : { »

vendor : pimcore (string)

product : pimcore/pimcore (string)

versions : [ »

0 : { »

version : unspecified (string)

lessThan : 10.5.21 (string)

status : affected (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462 (string)

}

1 : { »

url : https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520 (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

version : 3.0 (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

attackVector : NETWORK (string)

attackComplexity : LOW (string)

privilegesRequired : HIGH (string)

userInteraction : NONE (string)

scope : UNCHANGED (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

lang : en (string)

description : CWE-89 Improper Neutralization of Special Elements used in an SQL Command (string)

cweId : CWE-89 (string)

}

]

}

]

source : { »

advisory : bbf59fa7-cf5b-4945-81b0-328adc710462 (string)

discovery : EXTERNAL (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T06:19:14.801Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-02-03T16:28:43.287625Z (string)

id : CVE-2023-2338 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-02-03T16:28:46.713Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462", "tags": ["x_transferred"]}, {"url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:19:14.801Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2338", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-03T16:28:43.287625Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-03T16:28:30.783Z"}}], "cna": {"title": " SQL Injection in pimcore/pimcore", "source": {"advisory": "bbf59fa7-cf5b-4945-81b0-328adc710462", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "pimcore", "product": "pimcore/pimcore", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "10.5.21", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462"}, {"url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520"}], "descriptions": [{"lang": "en", "value": "SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-04-27T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2338", "state": "PUBLISHED", "dateUpdated": "2025-02-03T16:28:46.713Z", "dateReserved": "2023-04-27T00:00:00.000Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2023-04-27T00:00:00.000Z", "assignerShortName": "@huntrdev"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T06:19:14.801Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-2338 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-02-03T16:28:43.287625Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-02-03T16:28:30.783Z (string)

}

]

cna : { »

title : SQL Injection in pimcore/pimcore (string)

source : { »

advisory : bbf59fa7-cf5b-4945-81b0-328adc710462 (string)

discovery : EXTERNAL (string)

}

metrics : [ »

0 : { »

cvssV3_0 : { »

scope : UNCHANGED (string)

version : 3.0 (string)

baseScore : 7.2 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : HIGH (string)

confidentialityImpact : HIGH (string)

}

]

affected : [ »

0 : { »

vendor : pimcore (string)

product : pimcore/pimcore (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 10.5.21 (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462 (string)

}

1 : { »

url : https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-89 (string)

description : CWE-89 Improper Neutralization of Special Elements used in an SQL Command (string)

}

]

}

]

providerMetadata : { »

orgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

shortName : @huntrdev (string)

dateUpdated : 2023-04-27T00:00:00.000Z (string)

}

cveMetadata : { »

cveId : CVE-2023-2338 (string)

state : PUBLISHED (string)

dateUpdated : 2025-02-03T16:28:46.713Z (string)

dateReserved : 2023-04-27T00:00:00.000Z (string)

assignerOrgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

datePublished : 2023-04-27T00:00:00.000Z (string)

assignerShortName : @huntrdev (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", "matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C", "versionEndExcluding": "10.5.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21."}], "id": "CVE-2023-2338", "lastModified": "2024-11-21T07:58:24.833", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-27T12:15:09.237", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch"], "url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@huntr.dev", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 72C537D6-67BA-4562-B853-F99E6C14315C (string)

versionEndExcluding : 10.5.21 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. (string)

}

]

id : CVE-2023-2338 (string)

lastModified : 2024-11-21T07:58:24.833 (string)

metrics : { »

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 5.9 (number)

source : security@huntr.dev (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-04-27T12:15:09.237 (string)

references : [ »

0 : { »

source : security@huntr.dev (string)

tags : [ »

0 : Patch (string)

]

url : https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520 (string)

}

1 : { »

source : security@huntr.dev (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462 (string)

}

]

sourceIdentifier : security@huntr.dev (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-89 (string)

}

]

source : security@huntr.dev (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object