Опубликовано: 10 дек. 2024
Источник: github
Github: Прошло ревью
CVSS4: 6.9
CVSS3: 9.8
Описание
Withdrawn Advisory: Nette Database SQL injection
Withdrawn Advisory
This advisory has been withdrawn as it was reported in error. This link is maintained to preserve external references.
Original Description
Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method.
Пакеты
Наименование
nette/database
composer
Затронутые версииВерсия исправления
<= 3.2.4
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
около 1 года назад
Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior.