CVE-2025-32389: Query Builder Silent Condition Bypass
A query builder loop skips values of an unexpected type with `continue` instead of failing. When the skipped filter is a security constraint, sending a scalar where the code expects an array (`?param=value` instead of `?param[]=value`) silently removes that constraint from the generated query and can lead to authorization bypass or injection. Throw an exception on unexpected types instead.
greprules fetch cve-2025-32389-query-builder-silent-condition-bypass --engine opengrep
Description
A query builder iterates over a set of filters and, on meeting a value whose type it does not expect, skips it with `continue` rather than failing. The loop therefore treats a malformed filter as "no filter": the generated query is weaker than the caller intended, and nothing records that a constraint was dropped. Where the skipped filter enforces a security check such as a tenant, owner, or visibility restriction, an attacker can trigger the skip through HTTP parameter manipulation. Web frameworks such as PHP parse `?param[]=value` into an array and `?param=value` into a scalar string, so changing only the shape of the parameter changes the value's type without changing its content. The result is that intended query constraints silently disappear, leading to authorization bypass or, depending on what the builder does with the unexpected value, injection. Throw an exception on any unexpected type instead: the query then fails closed, the caller receives an error it has to handle, and the parameter shape no longer decides which constraints apply. When triaging a match, confirm that the loop's values can originate from request input and that at least one skipped filter is security-relevant; a `continue` over values that only application code produces is a code-quality finding rather than a bypass.
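As an added, language-agnostic illustration (not the rule's own code and not code from any affected project), the following Python models the pattern end to end: a request parser that follows the `param[]=value` / `param=value` convention, an authorization layer that normalises a scalar to a list, and the silent-`continue` builder beside a strict one, run against an in-memory SQLite table. The tenant data, the endpoint, the `FilterTypeError` name and all function names are constructed for the example.

```python
import sqlite3
from urllib.parse import parse_qsl


class FilterTypeError(TypeError):
    """Raised by the hardened builder when a filter value has an unexpected type (name is ours)."""


def parse_query(qs):
    """Minimal model (an assumption, not a full parser) of the framework convention the
    advisory relies on: `k[]=v` collects into a list, plain `k=v` stays a scalar str."""
    params = {}
    for key, value in parse_qsl(qs, keep_blank_values=True):
        if key.endswith("[]"):
            params.setdefault(key[:-2], []).append(value)
        else:
            params[key] = value
    return params


def authorize_tenants(params, allowed_tenants):
    """Authorization layer. It tolerates a scalar by normalising it to a one-element list,
    so `?tenant_id=acme` passes here; the raw scalar still flows on to the builder unchanged."""
    raw = params.get("tenant_id")
    requested = raw if isinstance(raw, list) else [raw]
    if not requested or not all(t in allowed_tenants for t in requested):
        raise PermissionError("tenant not permitted")


def build_where_lenient(filters):
    """Vulnerable pattern: a value that is not a list is skipped with `continue`, which
    drops that constraint from the query with no error and no log line."""
    clauses, args = [], []
    for column, values in filters.items():  # column names come from code, never from the request
        if not isinstance(values, list):
            continue  # the silent bypass: the filter simply vanishes
        clauses.append(f"{column} IN ({', '.join('?' * len(values))})")
        args.extend(values)
    return " AND ".join(clauses) or "1=1", args


def build_where_strict(filters):
    """Hardened form: same loop, but an unexpected type (or an empty list, which would
    emit `IN ()`) is an error the caller must handle, never a silently weaker query."""
    clauses, args = [], []
    for column, values in filters.items():
        if not isinstance(values, list) or not values:
            raise FilterTypeError(
                f"filter {column!r} expects a non-empty list, got {type(values).__name__}")
        if not all(isinstance(v, str) for v in values):
            raise FilterTypeError(f"filter {column!r} contains a non-string element")
        clauses.append(f"{column} IN ({', '.join('?' * len(values))})")
        args.extend(values)
    return " AND ".join(clauses) or "1=1", args


def make_db():
    """Constructed sample data: orders belonging to three tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, tenant_id TEXT, status TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        (1, "acme", "open"), (2, "acme", "closed"),
        (3, "globex", "open"), (4, "initech", "open"),
    ])
    return conn


def handle_request(conn, qs, allowed_tenants, build_where):
    """Hypothetical endpoint: the caller picks tenants (only ones it belongs to) and statuses."""
    params = parse_query(qs)
    authorize_tenants(params, allowed_tenants)
    filters = {"tenant_id": params.get("tenant_id"), "status": params.get("status", ["open"])}
    where, args = build_where(filters)
    rows = conn.execute(f"SELECT id FROM orders WHERE {where} ORDER BY id", args)
    return [r[0] for r in rows]


if __name__ == "__main__":
    db, caller = make_db(), {"acme"}
    print(handle_request(db, "tenant_id[]=acme&status[]=open", caller, build_where_lenient))  # [1]
    print(handle_request(db, "tenant_id=acme&status[]=open", caller, build_where_lenient))  # [1, 3, 4]
    try:
        handle_request(db, "tenant_id=acme&status[]=open", caller, build_where_strict)
    except FilterTypeError as exc:
        print("rejected:", exc)  # the scalar is an error, not a dropped constraint
```

The authorization check passes for both request shapes because it normalises the scalar; only the builder's `continue` turns the shape difference into a cross-tenant result (orders 3 and 4 belong to other tenants). The strict builder leaves the authorization layer untouched and still closes the hole, because the request shape can no longer decide which constraints reach the database.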
Community feedback
0 signals from signed-in users (Useful: 0, False positive: 0, Metadata: 0).