CVE-2019-10762

CRITICAL

medoo < 1.7.5 - SQL Injection via columnQuote

Title source: llm

columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping.

Core 2

Core References

Third Party Advisory x_refsource_misc

Patch, Third Party Advisory x_refsource_misc

CVSS v3 9.8

EPSS 0.0142

EPSS Percentile 69.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89

Status published

Products (2)

catfan/medoo 0 - 1.7.5Packagist

medoo/medoo < 1.7.5

Published Oct 30, 2019

Tracked Since Feb 18, 2026