Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-mapb-drtt-rbez
Vulnerability ID VCID-mapb-drtt-rbez
Aliases CVE-2023-30850
GHSA-jwg4-qcgv-5wg6
Summary Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2023-30850
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-jwg4-qcgv-5wg6
cvssv3.1 8.8 https://github.com/pimcore/pimcore
generic_textual HIGH https://github.com/pimcore/pimcore
cvssv3.1 8.8 https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38
generic_textual HIGH https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38
cvssv3.1 8.8 https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch
generic_textual HIGH https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch
ssvc Track https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch
cvssv3.1 8.8 https://github.com/pimcore/pimcore/pull/14952
generic_textual HIGH https://github.com/pimcore/pimcore/pull/14952
ssvc Track https://github.com/pimcore/pimcore/pull/14952
cvssv3.1 8.8 https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6
cvssv3.1_qr HIGH https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6
generic_textual HIGH https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6
ssvc Track https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-30850
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-30850
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-30850
https://github.com/pimcore/pimcore
https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38
https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch
https://github.com/pimcore/pimcore/pull/14952
CVE-2023-30850 https://nvd.nist.gov/vuln/detail/CVE-2023-30850
GHSA-jwg4-qcgv-5wg6 https://github.com/advisories/GHSA-jwg4-qcgv-5wg6
GHSA-jwg4-qcgv-5wg6 https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pimcore/pimcore
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/ Found at https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pimcore/pimcore/pull/14952
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/ Found at https://github.com/pimcore/pimcore/pull/14952
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/ Found at https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-30850
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.20188
EPSS Score 0.00064
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T21:00:31.533889+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2023-30850.yml 38.6.0