Lucene search
PRIOn knowledge basePRION:CVE-2021-43608HistoryDec 09, 2021 - 8:15 p.m.
Sql injection
2021-12-0920:15:00
PRIOn knowledge base
www.prio-n.com
5
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API.
| CPE | Name | Operator | Version |
|---|---|---|---|
| database_abstraction_layer | ge | 3.0.0 | |
| database_abstraction_layer | lt | 3.1.4 |
Related
osv
osv
CVE-2021-43608
2021-12-09 20:15:07
DBAL 3 SQL Injection Security Vulnerability
2021-11-16 17:25:57
cvelist
cvelist
CVE-2021-43608
2021-12-09 19:02:59
debiancve
debiancve
CVE-2021-43608
2021-12-09 20:15:07
nvd
nvd
CVE-2021-43608
2021-12-09 20:15:07
cve
cve
CVE-2021-43608
2021-12-09 20:15:07
hackerone
hackerone
Nextcloud: SQL injextion via vulnerable doctrine/dbal version
2021-11-03 07:38:44
github
github
DBAL 3 SQL Injection Security Vulnerability
2021-11-16 17:25:57
friendsofphp
friendsofphp
SQL Injection in Limit Clause Generation API
2021-11-11 13:30:00
nextcloud
nextcloud
veracode
veracode
SQL Injection
2021-11-17 05:37:41
ubuntucve
ubuntucve
CVE-2021-43608
2021-12-09 00:00:00