CVE-2011-1522

EUVD-2011-1523
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
SQL Injection
Provider: NIST
Type: Primary
Base Score: 7.5 UNKNOWN
Atk. Vector: NETWORK
Atk. Complexity: LOW
Priv. Required:
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
Vendor            Product   Version
doctrine-project  doctrine  1.2.0  *
doctrine-project  doctrine  1.2.1  *
doctrine-project  doctrine  1.2.2  *
doctrine-project  doctrine  1.2.3  *
doctrine-project  doctrine  2.0.0
doctrine-project  doctrine  2.0.0:alpha1
doctrine-project  doctrine  2.0.0:alpha2
doctrine-project  doctrine  2.0.0:alpha3
doctrine-project  doctrine  2.0.0:alpha4
doctrine-project  doctrine  2.0.0:beta1
doctrine-project  doctrine  2.0.0:beta2
doctrine-project  doctrine  2.0.0:beta3
doctrine-project  doctrine  2.0.0:beta4
doctrine-project  doctrine  2.0.0:rc1
doctrine-project  doctrine  2.0.0:rc2
doctrine-project  doctrine  2.0.1
doctrine-project  doctrine  2.0.2
𝑥 = Vulnerable software versions
Debian Releases
Debian Product  Codename
doctrine        bookworm  2.14.1+dfsg-1  fixed
doctrine        bullseye  2.8.1+dfsg-3   fixed
doctrine        sid       2.20.0+dfsg-1  fixed
doctrine        trixie    2.20.0+dfsg-1  fixed
Ubuntu Releases
Ubuntu Product  Codename
doctrine        dapper    dne
doctrine        hardy     dne
doctrine        lucid     dne
doctrine        maverick  dne
doctrine        natty     dne