WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-10910)

Description

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.

Remediation

References

Related Vulnerabilities

WordPress Plugin WooCommerce Product Feed for Google, Facebook, eBay and Many More Security Bypass (2.2.26)

phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-8961)

XWiki Missing Authorization Vulnerability (CVE-2022-23617)

Moodle Incorrect Authorization Vulnerability (CVE-2022-0333)

WordPress Plugin Gravity Forms Salesforce Cross-Site Scripting (1.2.4)

Severity

Critical

Classification

CVE-2019-10910 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities