CVE-2011-1522

EPSS 0.60%

doctrine - SQL injection

Published: 5/3/2011Modified: 5/27/2026

Description

Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.

Affected packages (2)

Debian/doctrinefrom 0, < 1.2.4-1
Debian/doctrinefrom 0, < 1.2.2-2+squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-1522