China National Vulnerability Database: CNVD-2022-84057
Mar 17, 2022 - 12:00 a.m.

SyliusGridBundle SQL Injection Vulnerability

www.cnvd.org.cn

EPSS: 0.002 (Low)

Percentile: 55.8%

SyliusGridBundle is an open source e-commerce solution built from decoupled components with a robust API and the highest quality code. A SQL injection vulnerability exists in SyliusGridBundle versions prior to 1.10.1 and prior to 1.11-rc2. It stems from the fact that values added at the end of a query sort are passed directly to the database. An attacker could use this vulnerability to execute unauthorized SQL commands and steal sensitive data from the database.
