39 matches found

GithubExploit
added 2026/05/21 4:30 a.m. · 91 views

Exploit for CVE-2026-9082

CVE-2026-9082 Type: SQL Injection CWE-89 Affected Pr...

CVSS 6.5 · AI score 6.1 · EPSS 0.07665
Exploits: 10

Fedora
added 2025/09/09 1:29 a.m. · 4 views

[SECURITY] Fedora 42 Update: python-flask-3.1.2-2.fc42

Flask is called a “micro-framework” because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However Flask knows the concept of extensions that...

CVSS 1.8 · AI score 5.7 · EPSS 0.00106
Exploits: 0

Fedora
added 2025/08/12 1:12 a.m. · 7 views

[SECURITY] Fedora 41 Update: php-adodb-5.22.10-1.fc41

ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique, e.g. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...

CVSS 10 · AI score 7.3 · EPSS 0.00395
Exploits: 0

Veracode
added 2025/05/22 7:35 a.m. · 8 views

Unauthorized Data Exposure

typo3/cms-core is vulnerable to unauthorized data exposure. The vulnerability is due to incomplete access control enforcement where frontend user group restrictions are applied only to the first table in multi-table queries using the database abstraction layer DBAL, allowing attackers to access...

CVSS 5.3 · AI score 6.7 · EPSS 0.00201
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2025/05/20 7:23 p.m. · 3 views

GHSA-X8PV-FGXP-8V3X TYPO3 Allows Information Disclosure via DBAL Restriction Handling

Problem When performing a database query involving multiple tables through the database abstraction layer DBAL, frontend user permissions are only applied via FrontendGroupRestriction to the last table. As a result, data from additional tables included in the same query may be unintentionally...

CVSS 3.7 · AI score 7.1 · EPSS 0.00201
Exploits: 0 · References: 4

Cvelist
added 2025/05/20 1:47 p.m. · 13 views

CVE-2025-47937 TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer DBAL, frontend...

CVSS 3.7 · EPSS 0.00201
Exploits: 0 · References: 2

Vulnrichment
added 2025/05/20 1:47 p.m. · 9 views

CVE-2025-47937 TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer DBAL, frontend...

CVSS 3.7 · AI score 4.3 · EPSS 0.00201
Exploits: 0 · References: 2

Positive Technologies
added 2025/05/20 12:0 a.m. · 3 views

PT-2025-22139 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.50 ELTS TYPO3 versions 10.0.0 through 10.4.49 ELTS TYPO3 versions 11.0.0 through 11.5.43 ELTS TYPO3 versions 12.0.0 through 12.4.30 LTS TYPO3 versions 13.0.0 through 13.4.11 LTS Description: The issue affects...

CVSS 3.7 · AI score 6.2 · EPSS 0.00201
Exploits: 0 · References: 7

Fedora
added 2025/05/11 2:31 a.m. · 10 views

[SECURITY] Fedora 41 Update: php-adodb-5.22.9-1.fc41

ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique, e.g. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...

CVSS 10 · AI score 9.7 · EPSS 0.00522
Exploits: 0

F5 Networks
added 2023/02/21 6:15 p.m. · 219 views

K15782: SQL injection vulnerability CVE-2014-3704

Security Advisory Description The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. CVE-2014-3704 Impact None...

CVSS 7.5 · AI score 7.2 · EPSS 0.94366
Exploits: 20

OSV
added 2021/12/09 8:15 p.m. · 1 views

UBUNTU-CVE-2021-43608

Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not properly cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other A...

CVSS 9.8 · AI score 7.3 · EPSS 0.01352
Exploits: 0 · References: 3

CNNVD
added 2021/12/09 12:0 a.m. · 3 views

Doctrine Dbal SQL injection vulnerability

Doctrine Dbal is a Doctrine database abstraction layer. A security vulnerability exists in Doctrine DBAL that stems from allowing SQL injection to occur if an application developer ends up using the AbstractPlatform::modifyLimitQuery API via the proprietary user input DBAL QueryBuilder or any...

CVSS 9.8 · AI score 8.4 · EPSS 0.01352
Exploits: 0 · References: 6

VulnCheck KEV
added 2021/04/12 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

CVSS 7.5 · AI score 7 · EPSS 0.94366
Exploits: 20 · References: 1

Tenable Nessus
added 2018/06/19 12:0 a.m. · 34 views

Drupal Database Abstraction API SQLi

The remote web server is running a version of Drupal that is affected by a SQL injection vulnerability due to a flaw in the Drupal database abstraction API, which allows a remote attacker to use specially crafted requests that can result in arbitrary SQL execution. This may lead to privilege...

CVSS 7.5 · AI score 8.8 · EPSS 0.94366
Exploits: 20 · References: 2

WPVulnDB
added 2017/09/20 12:0 a.m. · 19 views

WordPress 2.3.0-4.7.4 - Authenticated SQL injection

Description: Due to a bad solution in the database abstraction library, WordPress exposes itself to SQL injection and validation bypass. Besides WordPress itself, this issue has a huge impact on the complete WP ecosystem. Up to WordPress 4.8.1 is vulnerable, but this time attack is dependent from...

AI score 8.4
Exploits: 0 · References: 3

OSV
added 2017/05/12 6:29 p.m. · 1 views

UBUNTU-CVE-2016-4855

Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 · AI score 6.9 · EPSS 0.00361
Exploits: 0 · References: 4

Fedora
added 2016/09/27 12:53 a.m. · 25 views

[SECURITY] Fedora 25 Update: php-adodb-5.20.6-2.fc25

ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique, e.g. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...

CVSS 9.8 · AI score 0.7 · EPSS 0.03101
Exploits: 0

Japan Vulnerability Notes
added 2016/09/06 4:45 a.m. · 1 views

ADOdb vulnerable to cross-site scripting

Overview ADOdb is a database abstraction layer for PHP. The library's test script test.php contains a cross-site scripting CWE-79 vulnerability. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

CVSS 6.1 · AI score 6 · EPSS 0.00361
Exploits: 0 · References: 8

Fedora
added 2016/07/19 10:26 p.m. · 22 views

[SECURITY] Fedora 23 Update: php-doctrine-orm-2.4.8-1.fc23

Object relational mapper ORM for PHP that sits on top of a powerful database abstraction layer DBAL. One of its key features is the option to write database queries in a proprietary object oriented SQL dialect called Doctrine Query Language DQL, inspired by Hibernate's HQL. This provides...

CVSS 7.8 · AI score 1.3 · EPSS 0.00033
Exploits: 0

UbuntuCve
added 2014/10/16 12:55 a.m. · 57 views

CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

CVSS 7.5 · AI score 7 · EPSS 0.94366
Exploits: 20 · References: 4