CVE-2022-1429: 
PHP vulnerability analysis and mitigation

SQL injection vulnerability identified in GridHelperService.php in GitHub repository pimcore/pimcore versions prior to 10.3.6. The vulnerability was discovered and disclosed in April 2022, affecting the Pimcore content management system (NVD, GitHub Patch).

The vulnerability exists in the GridHelperService.php file where improper column quoting in SQL queries could lead to SQL injection attacks. The issue received a CVSS v3.1 base score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility with no privileges required. The vulnerability is classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command (NVD).

The vulnerability allows attackers to potentially steal data from the affected system through SQL injection attacks. The high CVSS score indicates significant confidentiality impact, though integrity and availability are not affected (NVD).

The vulnerability has been patched in Pimcore version 10.3.6. Users should upgrade to this version or later to mitigate the risk. The fix involves proper column quoting in the GridHelperService.php file (GitHub Patch).