9 matches found
GHSA-6Q9V-4HQ6-5M67 Doctrine SQL injection vulnerability
Doctrine is prone to SQL injection vulnerability. Users of Doctrine 1.2 and 2 should update to the newly released versions of both libraries immediately. Both versions only include the security fix and no other changes to their previous versions 1.2.3 and 2.0.2. Affected versions are: - 1.2.3 and...
GHSA-76W8-MQX4-WJRF Doctrine DBAL SQL injection possibility
The identifier quoting in Doctrine DBAL has a potential security problem when user-input is passed into this function, making the security aspect of this functionality obsolete. If you make use of AbstractPlatform::quoteIdentifier or Doctrine::quoteIdentifier please upgrade immediately. The ORM...
CVE-2021-43608
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other A...
CVE-2021-43608
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other A...
CVE-2021-43608
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other A...
CVE-2021-43608
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other A...
CVE-2021-43608
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other A...
CVE-2021-43608
Doctrine DBAL 3.x before 3.1.4 is affected by a SQL injection in the LIMIT clause generation. The root cause is that offset and length inputs used to build LIMIT are not reliably cast to integers, which allows injection when unescaped user input is passed to the DBAL QueryBuilder or APIs that cal...
DBAL 3 SQL Injection Security Vulnerability
We have released a new version Doctrine DBAL 3.1.4 that fixes a critical SQL injection vulnerability in the LIMIT clause generation API provided by the Platform abstraction. We advise everyone using Doctrine DBAL 3.0.0 up to 3.1.3 to upgrade to 3.1.4 immediately. The vulnerability can happen when...