CVE-2011-1522

2011-05-0320:55:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2011-1522

doctrine

dbal

platform

sql injection

nvd

vulnerability

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.7%

JSON

Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.

CPENameOperatorVersion
doctrine-project:doctrine1.2.0doctrine-project doctrine1.2.0eq*
doctrine-project:doctrine1.2.1doctrine-project doctrine1.2.1eq*
doctrine-project:doctrine1.2.2doctrine-project doctrine1.2.2eq*
doctrine-project:doctrine1.2.3doctrine-project doctrine1.2.3eq*
doctrine-project:doctrinedoctrine-project doctrineeq2.0.0
doctrine-project:doctrinedoctrine-project doctrineeq2.0.1
doctrine-project:doctrinedoctrine-project doctrineeq2.0.2

CPE	Name	Operator	Version
doctrine-project:doctrine1.2.0	doctrine-project doctrine1.2.0	eq	*
doctrine-project:doctrine1.2.1	doctrine-project doctrine1.2.1	eq	*
doctrine-project:doctrine1.2.2	doctrine-project doctrine1.2.2	eq	*
doctrine-project:doctrine1.2.3	doctrine-project doctrine1.2.3	eq	*
doctrine-project:doctrine	doctrine-project doctrine	eq	2.0.0
doctrine-project:doctrine	doctrine-project doctrine	eq	2.0.1
doctrine-project:doctrine	doctrine-project doctrine	eq	2.0.2