3 matches found
CVE-2026-45073
Symfony uses a PdoAdapter::doClear() that builds a DELETE with a namespace-derived prefix not bound or escaped, allowing an attacker-controlled prefix to escape the LIKE literal and alter deletion scope. A fix is included in Symfony versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12. Affected component:...
CVE-2026-45073: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
More info at https://symfony.com/cve-2026-45073...
CVE-2026-45073: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
More info at https://symfony.com/cve-2026-45073...