Lucene search
MitreCVELIST:CVE-2021-43608HistoryDec 09, 2021 - 7:02 p.m.
CVE-2021-43608
2021-12-0919:02:59
mitre
www.cve.org
4
doctrine dbal
sql injection
cve-2021-43608
abstractplatform
limit clause
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API.
Related
hackerone
hackerone
Nextcloud: SQL injextion via vulnerable doctrine/dbal version
2021-11-03 07:38:44
debiancve
debiancve
CVE-2021-43608
2021-12-09 20:15:07
osv
osv
CVE-2021-43608
2021-12-09 20:15:07
DBAL 3 SQL Injection Security Vulnerability
2021-11-16 17:25:57
cve
cve
CVE-2021-43608
2021-12-09 20:15:07
nvd
nvd
CVE-2021-43608
2021-12-09 20:15:07
github
github
DBAL 3 SQL Injection Security Vulnerability
2021-11-16 17:25:57
nextcloud
nextcloud
ubuntucve
ubuntucve
CVE-2021-43608
2021-12-09 00:00:00
veracode
veracode
SQL Injection
2021-11-17 05:37:41
prion
prion
Sql injection
2021-12-09 20:15:00
friendsofphp
friendsofphp
SQL Injection in Limit Clause Generation API
2021-11-11 13:30:00