{"id":"CVE-2011-1522","details":"Multiple SQL injection vulnerabilities in the Doctrine\\DBAL\\Platforms\\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.","modified":"2026-04-10T03:41:45.547670Z","published":"2011-05-03T20:55:06Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2011/dsa-2223"},{"type":"ADVISORY","url":"http://www.doctrine-project.org/blog/doctrine-security-fix"},{"type":"FIX","url":"http://www.doctrine-project.org/blog/doctrine-security-fix"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=689396"},{"type":"WEB","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2011/03/25/2"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2011/03/28/3"},{"type":"WEB","url":"http://www.securityfocus.com/bid/47034"}],"schema_version":"1.7.5"}