PT-2026-44142

Description SymfonyComponentCacheAdapterPdoAdapter is the PDO-backed cache adapter. Its clear$prefix method inherited from AbstractAdapterTrait is documented to delete cache items whose key starts with $prefix. In the non-versioning code path, the caller-supplied $prefix is concatenated into...

SQL Injection

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to SQL Injection via PdoAdapter::doClear method. An attacker can influence SQL query to expand deletion scope or perform arbitrary actions by...

MGASA-2015-0391 Updated php-ZendFramework/php-ZendFramework2 packages fixe security vulnerabilities

Zend Framework contained several instances where it was using incorrect permissions masks, which could lead to local privilege escalation issues CVE-2015-5723. The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as ...

ZendFramework1 -- SQL injection vulnerability

Zend Framework developers report: The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection...

CVE-2026-45073: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix

More info at https://symfony.com/cve-2026-45073...

CVE-2026-45073: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix

More info at https://symfony.com/cve-2026-45073...