SyliusGridBundle is an open source e-commerce solution built from decoupled components with a robust API and the highest quality code. A SQL injection vulnerability exists in SyliusGridBundle versions prior to 1.10.1 and prior to 1.11-rc2, which stems from the fact that values added at the end of a query sort are passed directly to the database. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive data from the database.
CPE | Name | Operator | Version |
---|---|---|---|
syliusgridbundle | syliusgridbundle | lt | 1.10.1 |
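
The root cause described above, sort values reaching the database unchecked, is closed by accepting only known sort fields and the two valid directions, since an ORDER BY clause cannot be bound as a query parameter. The following PHP is an added example, not SyliusGridBundle's own code or its patch; the `SORTABLE` map, the function names and the sample request values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical map of public sort keys to trusted column expressions.
const SORTABLE = [
    'name'  => 'p.name',
    'price' => 'p.price',
];

/** Unsafe pattern: request-supplied field and direction are concatenated as-is. */
function naiveOrderBy(array $sorting): string
{
    $parts = [];
    foreach ($sorting as $field => $direction) {
        $parts[] = $field . ' ' . $direction;
    }
    return $parts ? ' ORDER BY ' . implode(', ', $parts) : '';
}

/** Hardened pattern: only allowlisted fields and ASC/DESC reach the SQL text. */
function safeOrderBy(array $sorting, array $sortable = SORTABLE): string
{
    $parts = [];
    foreach ($sorting as $field => $direction) {
        if (!is_string($field) || !isset($sortable[$field])) {
            throw new InvalidArgumentException('Unknown sort field');
        }
        $dir = is_string($direction) ? strtolower($direction) : '';
        if ($dir !== 'asc' && $dir !== 'desc') {
            throw new InvalidArgumentException('Invalid sort direction');
        }
        // The emitted text comes from the allowlist, never from the request.
        $parts[] = $sortable[$field] . ' ' . strtoupper($dir);
    }
    return $parts ? ' ORDER BY ' . implode(', ', $parts) : '';
}

// Constructed request data: the second direction carries extra SQL text.
$requested = ['price' => 'desc', 'name' => 'asc, (SELECT 1)'];

echo 'naive: ', naiveOrderBy($requested), PHP_EOL;
try {
    echo 'safe:  ', safeOrderBy($requested), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo 'safe:  rejected (', $e->getMessage(), ')', PHP_EOL;
}
echo 'safe:  ', safeOrderBy(['price' => 'DESC']), PHP_EOL;
```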