Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided.

Description: A flaw in the database escaping API results in a SQL injection issue when the dbal extension is enabled and configured for MySQL passthrough mode. This affects all queries using the DatabaseConnection::sql query function, even if arguments were properly escaped with DatabaseConnection::quoteStr beforehand.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.