CVE-2011-1522

Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
SQL Injection
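| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |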
EPSS Score percentile: 68%
Vulnerable software versions

| Vendor | Product | Version |
|---|---|---|
| doctrine-project | doctrine | 1.2.0 * |
| doctrine-project | doctrine | 1.2.1 * |
| doctrine-project | doctrine | 1.2.2 * |
| doctrine-project | doctrine | 1.2.3 * |
| doctrine-project | doctrine | 2.0.0 |
| doctrine-project | doctrine | 2.0.0:alpha1 |
| doctrine-project | doctrine | 2.0.0:alpha2 |
| doctrine-project | doctrine | 2.0.0:alpha3 |
| doctrine-project | doctrine | 2.0.0:alpha4 |
| doctrine-project | doctrine | 2.0.0:beta1 |
| doctrine-project | doctrine | 2.0.0:beta2 |
| doctrine-project | doctrine | 2.0.0:beta3 |
| doctrine-project | doctrine | 2.0.0:beta4 |
| doctrine-project | doctrine | 2.0.0:rc1 |
| doctrine-project | doctrine | 2.0.0:rc2 |
| doctrine-project | doctrine | 2.0.1 |
| doctrine-project | doctrine | 2.0.2 |
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| doctrine | bullseye | 2.8.1+dfsg-3 | fixed |
| doctrine | bookworm | 2.14.1+dfsg-1 | fixed |
| doctrine | sid | 2.20.0+dfsg-1 | fixed |
| doctrine | trixie | 2.20.0+dfsg-1 | fixed |
Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| doctrine | natty | dne |
| doctrine | maverick | dne |
| doctrine | lucid | dne |
| doctrine | hardy | dne |
| doctrine | dapper | dne |