Vendor
The Pimcore admin-ui-classic-bundle is vulnerable to SQL injection via the translation grid date filter; the user-supplied `property` field from the filter JSON is interpolated directly into a SQL expression without proper sanitization or validation, potentially leading to arbitrary database data extraction and remote code execution when chained with other vulnerabilities.