5 matches found
CVE-2021-43822
Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...
CVE-2021-43822
Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...
Sql injection
Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...
CVE-2021-43822
CVE-2021-43822 concerns SQL injection in the Jackalope Doctrine-DBAL PHPCR implementation. The vulnerability arises because the component that translates the query object model into Doctrine DBAL queries does not properly escape certain user-controlled identifiers (node names and xpaths), allowin...
CVE-2021-43822 SQL injection in jackalope/jackalope-doctrine-dbal
Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...