Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-xgwg-8q8s-cbfk
Vulnerability ID VCID-xgwg-8q8s-cbfk
Aliases CVE-2023-3673
GHSA-rxp5-qwrf-pfv3
Summary Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.11372 https://api.first.org/data/v1/epss?cve=CVE-2023-3673
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-rxp5-qwrf-pfv3
cvssv3.1 7.2 https://github.com/pimcore/pimcore
generic_textual HIGH https://github.com/pimcore/pimcore
cvssv3 7.2 https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9
cvssv3.1 7.2 https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9
generic_textual HIGH https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9
ssvc Track* https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9
cvssv3 7.2 https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9
cvssv3.1 7.2 https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9
generic_textual HIGH https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9
ssvc Track* https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9
cvssv3.1 7.2 https://nvd.nist.gov/vuln/detail/CVE-2023-3673
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-3673
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-3673
https://github.com/pimcore/pimcore
https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9
https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9
CVE-2023-3673 https://nvd.nist.gov/vuln/detail/CVE-2023-3673
GHSA-rxp5-qwrf-pfv3 https://github.com/advisories/GHSA-rxp5-qwrf-pfv3
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pimcore/pimcore
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-22T15:08:39Z/ Found at https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-22T15:08:39Z/ Found at https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-3673
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.93673
EPSS Score 0.11372
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T21:01:19.854777+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2023-3673.yml 38.6.0