Описание
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-1522
- https://bugzilla.redhat.com/show_bug.cgi?id=689396
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674
- http://openwall.com/lists/oss-security/2011/03/25/2
- http://openwall.com/lists/oss-security/2011/03/28/3
- http://www.debian.org/security/2011/dsa-2223
- http://www.doctrine-project.org/blog/doctrine-security-fix
- http://www.securityfocus.com/bid/47034
Связанные уязвимости
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\ ...