Lucene search
Veracode Vulnerability DatabaseVERACODE:34714HistoryMar 16, 2022 - 8:25 a.m.
SQL Injection
2022-03-1608:25:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
22
0.002 Low
EPSS
Percentile
55.8%
sylius/grid-bundle is vulnerable to SQL Injection attacks. The library directly passes the values added at the end of query sorting to the database, allowing a malicious user to inject and execute arbitrary SQL queries on the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sylius/grid-bundle | le | v1.10.0 | |
| sylius/grid-bundle | le | v1.11.0-RC.1 | |
| sylius/grid-bundle | le | v1.10.0 | |
| sylius/grid-bundle | le | v1.11.0-RC.1 |
References
github.com/Sylius/SyliusGridBundle/commit/73d0791d0575f955e830a3da4c3345f420d2f784
github.com/Sylius/SyliusGridBundle/commit/b702009975bcf8dd869bb6f5e619ea93c454f48b
github.com/Sylius/SyliusGridBundle/pull/222
github.com/Sylius/SyliusGridBundle/releases/tag/v1.10.1
github.com/Sylius/SyliusGridBundle/releases/tag/v1.11.0-RC.2
github.com/Sylius/SyliusGridBundle/security/advisories/GHSA-2xmm-g482-4439
Related
osv
osv
CVE-2022-24752
2022-03-15 15:15:08
DQL injection through sorting parameters blocked
2022-03-15 19:09:16
cve
cve
CVE-2022-24752
2022-03-15 15:15:08
nvd
nvd
CVE-2022-24752
2022-03-15 15:15:08
cnvd
cnvd
SyliusGridBundle SQL Injection Vulnerability
2022-03-17 00:00:00
cvelist
cvelist
CVE-2022-24752 SQL Injection through sorting parameters in SyliusGridBundle
2022-03-15 14:40:13
github
github
DQL injection through sorting parameters blocked
2022-03-15 19:09:16
prion
prion
Sql injection
2022-03-15 15:15:00