WS-2017-0152 | Mend Vulnerability Database

Vulnerability DatabaseWS-2017-0152

WS-2017-0152

Published:May 13, 2026

Updated:May 13, 2026

Affected versions of the foundation-sites package are vulnerable to SQL Injection due to not properly escaping the startkey/endkey in the allDocs() function.

Affected Packages

foundation-sites (NPM):

Affected version(s) =5.5.2 <5.5.3

Fix Suggestion:

Update to version 5.5.3

foundation5.core.sass (NUGET):

Affected version(s) >=5.3.0 <=5.5.0

Fix Suggestion:

Update to version no_fix

simplrangularmodulestructure (NUGET):

Affected version(s) =0.0.1

Fix Suggestion:

Update to version no_fix

simplr.angular.module.structure (NUGET):

Affected version(s) >=0.0.2.3 <=0.0.2.6

Fix Suggestion:

Update to version no_fix

foundation5.core (NUGET):

Affected version(s) >=5.0.2 <5.5.0

Fix Suggestion:

Update to version 5.5.0

monox.cms.theme.default (NUGET):

Affected version(s) >=4.9.40.1234 <=4.9.40.4907

Fix Suggestion:

Update to version no_fix

foundation4.core (NUGET):

Affected version(s) >=4.0.3 <=4.3.1

Fix Suggestion:

Update to version no_fix

foundation5.core.sass (NUGET):

Affected version(s) >=5.0.2 <5.1.1

Fix Suggestion:

Update to version 5.1.1

foundation4.core.sass (NUGET):

Affected version(s) >=4.0.9 <=4.3.1

Fix Suggestion:

Update to version no_fix

zurb/foundation (PHP):

Affected version(s) =v5.2.3 <v5.3.0

Fix Suggestion:

Update to version v5.3.0

designs2/foundation-to-contao (PHP):

Affected version(s) =dev-develop <ftc

Fix Suggestion:

Update to version ftc

2amigos/yiifoundation (PHP):

Affected version(s) >=dev-master <=1.0.1

Fix Suggestion:

Update to version no_fix

designs2/codeowl_fw_foundation (PHP):

Affected version(s) >=1.0.0 <2.0.0

Fix Suggestion:

Update to version 2.0.0

awecode/awecms (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

zurb/foundation (PHP):

Affected version(s) >=v5.3.2 <v5.4

Fix Suggestion:

Update to version v5.4

zurb/foundation (PHP):

Affected version(s) =v5.0.0 <v5.x-dev

Fix Suggestion:

Update to version v5.x-dev

bmatzner/foundation-bundle (PHP):

Affected version(s) >=4.0.2 <5.5.3

Fix Suggestion:

Update to version 5.5.3

skullyframework/project (PHP):

Affected version(s) =0.1.x-dev <v0.1.0

Fix Suggestion:

Update to version v0.1.0

illarra/core-bundle (PHP):

Affected version(s) >=dev-master <=0.1.1

Fix Suggestion:

Update to version no_fix

codenamegary/l4-skeleton (PHP):

Affected version(s) >=dev-dev <v0.2

Fix Suggestion:

Update to version v0.2

cundd/noshi-website (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

zurb/foundation (PHP):

Affected version(s) =v5.4.5 <v5.4.6

Fix Suggestion:

Update to version v5.4.6

my-oos/my-oos (PHP):

Affected version(s) >=v2.0.33 <v2.0.56

Fix Suggestion:

Update to version v2.0.56

foglcz/nestraps (PHP):

Affected version(s) =dev-master <v1.0.0

Fix Suggestion:

Update to version v1.0.0

priithansen/silverstripe-foundation-boilerplate (PHP):

Affected version(s) =dev-master <3.2.5

Fix Suggestion:

Update to version 3.2.5

components/foundation (PHP):

Affected version(s) =4.x-dev <4.1.2

Fix Suggestion:

Update to version 4.1.2

avantassel/avt-api-docs (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

foundation/foundation-sites (PHP):

Affected version(s) >=v5.2.1 <v5.5.3

Fix Suggestion:

Update to version v5.5.3

erwin32/nette-foundation-sandbox (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

designs2/foundation-to-contao (PHP):

Affected version(s) >=1.1.0-RC1 <=1.1.3

Fix Suggestion:

Update to version no_fix

skullyframework/skully-admin (PHP):

Affected version(s) >=v0.1.19 <v0.1.28

Fix Suggestion:

Update to version v0.1.28

foundation/foundation-sites (PHP):

Affected version(s) >=v5.0.1 <dev-dependabot/npm_and_yarn/json5-1.0.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/json5-1.0.2

linchpinstudios/yii2-foundation (PHP):

Affected version(s) >=dev-master <=v0.1-alpha.0

Fix Suggestion:

Update to version no_fix

molajo/molajo (PHP):

Affected version(s) =dev-master <v0.2

Fix Suggestion:

Update to version v0.2

priithansen/silverstripe-foundation-boilerplate (PHP):

Affected version(s) >=4.0.9 <=4.3.2

Fix Suggestion:

Update to version no_fix

foundation/foundation-sites (PHP):

Affected version(s) >=v4.2.2 <dev-dependabot/npm_and_yarn/terser-4.8.1

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/terser-4.8.1

itlized/zurb-foundation (PHP):

Affected version(s) >=dev-master <=v5.3.1

Fix Suggestion:

Update to version no_fix

phpugl/dime-timetracker-frontend-bundle (PHP):

Affected version(s) =dev-redesign <dev-settings

Fix Suggestion:

Update to version dev-settings

agentmedia/phine-project (PHP):

Affected version(s) >=dev-master <v1.0.2

Fix Suggestion:

Update to version v1.0.2

bardis/cms-symfony2 (PHP):

Affected version(s) =v1.1.0 <v1.2.0

Fix Suggestion:

Update to version v1.2.0

agentmedia/phine-project (PHP):

Affected version(s) =v1.0.3

Fix Suggestion:

Update to version no_fix

simpletree/yii2foundation (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

codenamegary/l4layouts (PHP):

Affected version(s) =dev-master <0.1.0

Fix Suggestion:

Update to version 0.1.0

valicek1/nestraps (PHP):

Affected version(s) =v1.1.0 <v1.1.2

Fix Suggestion:

Update to version v1.1.2

skullyframework/skully-admin (PHP):

Affected version(s) =dev-staging <v.0.1.7

Fix Suggestion:

Update to version v.0.1.7

codenamegary/l4layouts (PHP):

Affected version(s) =0.1.1

Fix Suggestion:

Update to version no_fix

zurb/foundation (PHP):

Affected version(s) =v5.2.1 <v5.2.2

Fix Suggestion:

Update to version v5.2.2

tuxone/foundation-bundle (PHP):

Affected version(s) =dev-master <3.2.3

Fix Suggestion:

Update to version 3.2.3

mapseven/neos-snippets (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

csanquer/twig-front-dev (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

lionart/edifice (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

zurb/foundation (PHP):

Affected version(s) =v5.1.1 <v5.2.0

Fix Suggestion:

Update to version v5.2.0

tuxone/foundation-bundle (PHP):

Affected version(s) >=4.0.2 <=5.0.2

Fix Suggestion:

Update to version no_fix

zurb/foundation (PHP):

Affected version(s) =v5.0.2 <5.0.3

Fix Suggestion:

Update to version 5.0.3

foundation/foundation-sites (PHP):

Affected version(s) =v5.0.0 <v5.x-dev

Fix Suggestion:

Update to version v5.x-dev

molajo/framework (PHP):

Affected version(s) =dev-master <v0.2

Fix Suggestion:

Update to version v0.2

rywa/silverstripe-foundation (PHP):

Affected version(s) =1.0.x-dev <1.0.1

Fix Suggestion:

Update to version 1.0.1

skullyframework/skully-amazon-s3 (PHP):

Affected version(s) >=v0.1 <=v0.1.6

Fix Suggestion:

Update to version no_fix

foundation/foundation-sites (PHP):

Affected version(s) =v5.1.1 <v5.2.0

Fix Suggestion:

Update to version v5.2.0

codenamegary/l4-skeleton (PHP):

Affected version(s) >=v0.3.0-rc1 <=v0.4.0

Fix Suggestion:

Update to version no_fix

Related Resources (2)

https://github.com/zurb/foundation-sites/issues/6639

https://github.com/zurb/foundation-sites/commit/bf57af9429fbe5e4b18e32e951504136df996e10

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE