Advisories for Composer/Symfony/Cache package

2026

Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix

Symfony\Component\Cache\Adapter\PdoAdapter is the PDO-backed cache adapter. Its clear($prefix) method (inherited from AbstractAdapterTrait) is documented to delete cache items whose key starts with $prefix. In the non-versioning code path, the caller-supplied $prefix is concatenated into $namespace = $this->namespace.$prefix and passed to PdoAdapter::doClear(), which builds:

DELETE FROM <table> WHERE <id_col> LIKE '<namespace>%'

The value is interpolated directly into the SQL text and executed with PDO::exec(); $namespace is not bound. A caller able …

2019