In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
Max CVSS
9.8
EPSS Score
1.53%
Published
2019-05-16
Updated
2021-09-29
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Max CVSS
9.8
EPSS Score
0.15%
Published
2020-01-14
Updated
2020-01-24
2 vulnerabilities found