SQL Injection Vulnerabilities in Doctrine DBAL Platforms AbstractPlatform::modifyLimitQuery Function

CVE-2011-1522 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
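
The class of flaw described above, shown as an added example that is not Doctrine's source code: a helper that concatenates the limit and offset into the SQL text unchecked, beside a hardened form that only lets non-negative integers through. The function names, the `articles` table, and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a LIMIT/OFFSET helper that concatenates its
// arguments unchecked. Illustrative only, not Doctrine's code.
function unsafeLimitQuery(string $query, $limit, $offset = null): string
{
    if ($limit !== null) {
        $query .= ' LIMIT ' . $limit;
    }
    if ($offset !== null) {
        $query .= ' OFFSET ' . $offset;
    }
    return $query;
}

// Hardened form: only non-negative integers may reach the SQL text.
function toNonNegativeInt($value, string $name): int
{
    $int = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($int === false) {
        throw new InvalidArgumentException("$name must be a non-negative integer");
    }
    return $int;
}

function safeLimitQuery(string $query, $limit, $offset = null): string
{
    if ($limit !== null) {
        $query .= ' LIMIT ' . toNonNegativeInt($limit, 'limit');
    }
    if ($offset !== null) {
        $query .= ' OFFSET ' . toNonNegativeInt($offset, 'offset');
    }
    return $query;
}

// Constructed sample inputs, as they might arrive from request parameters.
$base = 'SELECT id, title FROM articles ORDER BY id';
$samples = [['10', '20'], ['10; SELECT 1', null], [5, '0 UNION SELECT 1, 2']];

foreach ($samples as [$limit, $offset]) {
    echo 'unsafe: ', unsafeLimitQuery($base, $limit, $offset), PHP_EOL;
    try {
        echo 'safe:   ', safeLimitQuery($base, $limit, $offset), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'safe:   rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

Because LIMIT and OFFSET values are appended to the query text rather than bound as parameters, validating them as integers at the point of concatenation is what keeps request-supplied text out of the statement.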
