Lucene search
Veracode Vulnerability DatabaseVERACODE:32989HistoryNov 17, 2021 - 5:37 a.m.
SQL Injection
2021-11-1705:37:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.002 Low
EPSS
Percentile
53.7%
doctrine/dbal is vulnerable to SQL injection. The modifyLimitQuery function in src/Platforms/AbstractPlatform.php does not properly sanitize the input, which allows a remote attacker to inject arbitrary SQL commands to the APIs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| doctrine/dbal | le | 3.1.3 | |
| doctrine/dbal | le | 3.1.3 |
References
github.com/doctrine/dbal/commit/483a518de57f39b3843ba53954f1bbb2fa151934
github.com/doctrine/dbal/commit/9dcfa4cb6c03250b78a84737ba7ceb82f4b7ba4d
github.com/doctrine/dbal/pull/4984
github.com/doctrine/dbal/releases
github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
www.doctrine-project.org/2021/11/11/dbal3-vulnerability-fixed.html
Related
hackerone
hackerone
Nextcloud: SQL injextion via vulnerable doctrine/dbal version
2021-11-03 07:38:44
cve
cve
CVE-2021-43608
2021-12-09 20:15:07
nvd
nvd
CVE-2021-43608
2021-12-09 20:15:07
osv
osv
CVE-2021-43608
2021-12-09 20:15:07
DBAL 3 SQL Injection Security Vulnerability
2021-11-16 17:25:57
cvelist
cvelist
CVE-2021-43608
2021-12-09 19:02:59
debiancve
debiancve
CVE-2021-43608
2021-12-09 20:15:07
prion
prion
Sql injection
2021-12-09 20:15:00
ubuntucve
ubuntucve
CVE-2021-43608
2021-12-09 00:00:00
nextcloud
nextcloud
github
github
DBAL 3 SQL Injection Security Vulnerability
2021-11-16 17:25:57
friendsofphp
friendsofphp
SQL Injection in Limit Clause Generation API
2021-11-11 13:30:00