vulnerability

Ubuntu: (CVE-2021-43608): php-doctrine-dbal vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Dec 9, 2021	Jun 26, 2025	Aug 18, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Dec 9, 2021

Added

Jun 26, 2025

Modified

Aug 18, 2025

Description

Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API.

Solution

no-fix-ubuntu-package

References

CVE-2021-43608
https://attackerkb.com/topics/CVE-2021-43608
CWE-89
URL-https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
URL-https://www.cve.org/CVERecord?id=CVE-2021-43608

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today