Vulnerability details: VCID-tmq7-u6py-4kh5
Vulnerability ID VCID-tmq7-u6py-4kh5
Aliases CVE-2022-24752
GHSA-2xmm-g482-4439
Summary Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate the vulnerability. The issue is fixed in versions 1.10.1 and 1.11-rc2. As a workaround, overwrite the `Sylius\Component\Grid\Sorting\Sorter.php` class and register it in the container. More information about this workaround is available in the GitHub Security Advisory.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
epss 0.00558 https://api.first.org/data/v1/epss?cve=CVE-2022-24752
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-2xmm-g482-4439
cvssv3.1 9.8 https://github.com/Sylius/SyliusGridBundle
generic_textual CRITICAL https://github.com/Sylius/SyliusGridBundle
cvssv3.1 9.8 https://github.com/Sylius/SyliusGridBundle/commit/73d0791d0575f955e830a3da4c3345f420d2f784
generic_textual CRITICAL https://github.com/Sylius/SyliusGridBundle/commit/73d0791d0575f955e830a3da4c3345f420d2f784
ssvc Track https://github.com/Sylius/SyliusGridBundle/commit/73d0791d0575f955e830a3da4c3345f420d2f784
cvssv3.1 9.8 https://github.com/Sylius/SyliusGridBundle/pull/222
generic_textual CRITICAL https://github.com/Sylius/SyliusGridBundle/pull/222
ssvc Track https://github.com/Sylius/SyliusGridBundle/pull/222
cvssv3.1 9.8 https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.10.1
generic_textual CRITICAL https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.10.1
ssvc Track https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.10.1
cvssv3.1 9.8 https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.11.0-RC.2
generic_textual CRITICAL https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.11.0-RC.2
ssvc Track https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.11.0-RC.2
cvssv3.1 9.8 https://github.com/Sylius/SyliusGridBundle/security/advisories/GHSA-2xmm-g482-4439
cvssv3.1_qr CRITICAL https://github.com/Sylius/SyliusGridBundle/security/advisories/GHSA-2xmm-g482-4439
generic_textual CRITICAL https://github.com/Sylius/SyliusGridBundle/security/advisories/GHSA-2xmm-g482-4439
ssvc Track https://github.com/Sylius/SyliusGridBundle/security/advisories/GHSA-2xmm-g482-4439
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24752
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2022-24752
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Sylius/SyliusGridBundle
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Sylius/SyliusGridBundle/commit/73d0791d0575f955e830a3da4c3345f420d2f784
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:16Z/ Found at https://github.com/Sylius/SyliusGridBundle/commit/73d0791d0575f955e830a3da4c3345f420d2f784
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Sylius/SyliusGridBundle/pull/222
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:16Z/ Found at https://github.com/Sylius/SyliusGridBundle/pull/222
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.10.1
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:16Z/ Found at https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.10.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.11.0-RC.2
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:16Z/ Found at https://github.com/Sylius/SyliusGridBundle/releases/tag/v1.11.0-RC.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Sylius/SyliusGridBundle/security/advisories/GHSA-2xmm-g482-4439
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:16Z/ Found at https://github.com/Sylius/SyliusGridBundle/security/advisories/GHSA-2xmm-g482-4439
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24752
Exploit Prediction Scoring System (EPSS)
Percentile 0.68536
EPSS Score 0.00558
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:57:24.376349+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/sylius/grid-bundle/CVE-2022-24752.yml 38.6.0