
CVSS: 7.5 | EPSS: 0% | CPEs: 17 | EXPL: 0

Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674
• http://openwall.com/lists/oss-security/2011/03/25/2
• http://openwall.com/lists/oss-security/2011/03/28/3
• http://www.debian.org/security/2011/dsa-2223
• http://www.doctrine-project.org/blog/doctrine-security-fix
• http://www.securityfocus.com/bid/47034
• https://bugzilla.redhat.com/show_bug.cgi?id=689396

• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')