Vulnerability Details CVE-2011-1522
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674
- http://openwall.com/lists/oss-security/2011/03/25/2
- http://openwall.com/lists/oss-security/2011/03/28/3
- http://www.debian.org/security/2011/dsa-2223
- http://www.doctrine-project.org/blog/doctrine-security-fix
- http://www.securityfocus.com/bid/47034
- https://bugzilla.redhat.com/show_bug.cgi?id=689396
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674
- http://openwall.com/lists/oss-security/2011/03/25/2
- http://openwall.com/lists/oss-security/2011/03/28/3
- http://www.debian.org/security/2011/dsa-2223
- http://www.doctrine-project.org/blog/doctrine-security-fix
- http://www.securityfocus.com/bid/47034
- https://bugzilla.redhat.com/show_bug.cgi?id=689396
Products affected by CVE-2011-1522
-
cpe:2.3:a:doctrine-project:doctrine1.2.0:*
-
cpe:2.3:a:doctrine-project:doctrine1.2.1:*
-
cpe:2.3:a:doctrine-project:doctrine1.2.2:*
-
cpe:2.3:a:doctrine-project:doctrine1.2.3:*
-
cpe:2.3:a:doctrine-project:doctrine:2.0.0
-
cpe:2.3:a:doctrine-project:doctrine:2.0.1
-
cpe:2.3:a:doctrine-project:doctrine:2.0.2