Lucene search
GoogleOSV:CVE-2021-43608HistoryDec 09, 2021 - 8:15 p.m.
CVE-2021-43608
2021-12-0920:15:07
Google
osv.dev
4
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API.
Related
hackerone
hackerone
Nextcloud: SQL injextion via vulnerable doctrine/dbal version
2021-11-03 07:38:44
cve
cve
CVE-2021-43608
2021-12-09 20:15:07
nvd
nvd
CVE-2021-43608
2021-12-09 20:15:07
cvelist
cvelist
CVE-2021-43608
2021-12-09 19:02:59
debiancve
debiancve
CVE-2021-43608
2021-12-09 20:15:07
github
github
DBAL 3 SQL Injection Security Vulnerability
2021-11-16 17:25:57
friendsofphp
friendsofphp
SQL Injection in Limit Clause Generation API
2021-11-11 13:30:00
nextcloud
nextcloud
veracode
veracode
SQL Injection
2021-11-17 05:37:41
osv
osv
DBAL 3 SQL Injection Security Vulnerability
2021-11-16 17:25:57
prion
prion
Sql injection
2021-12-09 20:15:00
ubuntucve
ubuntucve
CVE-2021-43608
2021-12-09 00:00:00