Lucene search
+L

43 matches found

osv
osv
added 2026/05/28 8:47 p.m.13 views

GHSA-R2F4-FF2P-XC64 Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save

My name is Oscar Uribe, Security Researcher at Fluid Attacks. I am reaching out because we have identified a security vulnerability in Pimcore 12.3.3 that we would like to report to you so we can coordinate a responsible disclosure together. As part of our standard disclosure measures, we follow ...

7CVSS6.3AI score0.00346EPSS
Exploits0References7
cvelist
cvelist
added 2026/03/25 11:13 p.m.26 views

CVE-2026-33914 OpenEMR has SQL Injection in PostCalendar Category Delete

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

7.2CVSS0.00425EPSS
Exploits1References3
osv
osv
added 2026/03/25 11:13 p.m.6 views

CVE-2026-33914 OpenEMR has SQL Injection in PostCalendar Category Delete

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

7.2CVSS6AI score0.00425EPSS
Exploits1References5
cve
cve
added 2026/03/25 11:13 p.m.19 views

CVE-2026-33914

OpenEMR (prior to 8.0.0.3) contains a blind SQL injection in the PostCalendar categoriesUpdate function. The malsicious code uses the dels POST parameter, which is read via pnVarCleanFromInput() (HTML tags stripped only) and directly interpolated into a raw SQL DELETE statement executed by Doctri...

7.2CVSS5.9AI score0.00425EPSS
Exploits1References3Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-2388

Malware in sbrugna...

9.8CVSS9.3AI score0.02369EPSS
Exploits0References8
nessus
nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-43608

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an...

9.8CVSS8.5AI score0.02369EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/22 9:34 p.m.20 views

CVE-2021-43822

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

8.5CVSS7.7AI score0.00967EPSS
Exploits0
osv
osv
added 2024/06/03 4:46 p.m.39 views

GHSA-9895-53FC-98V2 TYPO3 SQL Injection in dbal

A flaw in the database escaping API results in a SQL injection vulnerability when extension dbal is enabled and configured for MySQL passthrough mode in its extension configuration. All queries which use the DatabaseConnection::sqlquery are vulnerable, even if arguments were properly escaped with...

8AI score
Exploits0References2
github
github
added 2024/06/03 4:46 p.m.28 views

TYPO3 SQL Injection in dbal

A flaw in the database escaping API results in a SQL injection vulnerability when extension dbal is enabled and configured for MySQL passthrough mode in its extension configuration. All queries which use the DatabaseConnection::sqlquery are vulnerable, even if arguments were properly escaped with...

8AI score
Exploits0References3Affected Software1
osv
osv
added 2024/05/15 6:42 p.m.9 views

GHSA-76W8-MQX4-WJRF Doctrine DBAL SQL injection possibility

The identifier quoting in Doctrine DBAL has a potential security problem when user-input is passed into this function, making the security aspect of this functionality obsolete. If you make use of AbstractPlatform::quoteIdentifier or Doctrine::quoteIdentifier please upgrade immediately. The ORM...

8.1CVSS7.2AI score
Exploits0References3
github
github
added 2024/05/15 6:42 p.m.13 views

Doctrine DBAL SQL injection possibility

The identifier quoting in Doctrine DBAL has a potential security problem when user-input is passed into this function, making the security aspect of this functionality obsolete. If you make use of AbstractPlatform::quoteIdentifier or Doctrine::quoteIdentifier please upgrade immediately. The ORM...

7.2AI score
Exploits0References3Affected Software1
ibm
ibm
added 2021/12/16 2:29 p.m.41 views

Security Bulletin: IBM Application Navigator, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a remote attacker exploitation of Apache Log4j (CVE-2021-44228)

Summary IBM Application Navigator, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a remote attacker exploitation of Apache Log4j CVE-2021-44228. The IBM Application Navigator contains a copy of Apache Log4j which is not used by the IBM Application Navigator function. Out o...

10CVSS0.8AI score0.99999EPSS
Exploits354Affected Software1
osv
osv
added 2021/12/14 9:8 p.m.23 views

GHSA-PH98-V78F-JQRM SQL injection in jackalope/jackalope-doctrine-dbal

Impact Users can provoke SQL injections if they can specify a node name or query. Patches Upgrade to version 1.7.4 If that is not possible, you can escape all places where $property is used to filter sv:name in the class Jackalope\Transport\DoctrineDBAL\Query\QOMWalker: XPath::escape$property...

8.5CVSS8AI score0.00967EPSS
Exploits0References4
github
github
added 2021/12/14 9:8 p.m.36 views

SQL injection in jackalope/jackalope-doctrine-dbal

Impact Users can provoke SQL injections if they can specify a node name or query. Patches Upgrade to version 1.7.4 If that is not possible, you can escape all places where $property is used to filter sv:name in the class Jackalope\Transport\DoctrineDBAL\Query\QOMWalker: XPath::escape$property...

8.5CVSS2.1AI score0.00967EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2021/12/13 8:15 p.m.37 views

CVE-2021-43822

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

8.5CVSS0.00967EPSS
Exploits0References2
attackerkb
attackerkb
added 2021/12/13 8:15 p.m.4 views

CVE-2021-43822

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

8.5CVSS7.1AI score0.00967EPSS
Exploits0References3Affected Software1
osv
osv
added 2021/12/13 8:15 p.m.19 views

CVE-2021-43822

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

7.5CVSS8AI score
Exploits0References2
prion
prion
added 2021/12/13 8:15 p.m.17 views

Sql injection

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

6.8CVSS8AI score0.00967EPSS
Exploits0References2Affected Software1
cve
cve
added 2021/12/13 7:50 p.m.82 views

CVE-2021-43822

CVE-2021-43822 concerns SQL injection in the Jackalope Doctrine-DBAL PHPCR implementation. The vulnerability arises because the component that translates the query object model into Doctrine DBAL queries does not properly escape certain user-controlled identifiers (node names and xpaths), allowin...

8.5CVSS8AI score0.00967EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/12/13 7:50 p.m.38 views

CVE-2021-43822 SQL injection in jackalope/jackalope-doctrine-dbal

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

8.5CVSS9AI score0.00967EPSS
Exploits0References2
Rows per page
Query Builder