This is not an SQL injection vulnerability.
It's us not fully filtering incorrect fulltext search syntax. The error relates to the trailing '-', indicating a word exclusion which is not then actually specified.
On some MySQL/MariaDB versions, MySQL will not be happy when a boolean fulltext query has any of these syntax errors:
1) Trailing + or - (As there's no succeeding word to be included/disincluded)
2) Leading * (As there's no preceding word to be multiplied)
3) Double + or - or * (As operators don't count as words)
4) Various other errors with operators we strip out, as we don't want to support them
This is all within the logic of the boolean querying logic, not the SQL query as a whole - nothing is injected into the SQL parser.
(Click to enlarge)
#3754 - Security Issue - SQL Injection
It's us not fully filtering incorrect fulltext search syntax. The error relates to the trailing '-', indicating a word exclusion which is not then actually specified.
While it is not a vulnerability, it is a bug.
On some MySQL/MariaDB versions, MySQL will not be happy when a boolean fulltext query has any of these syntax errors:
1) Trailing + or - (As there's no succeeding word to be included/disincluded)
2) Leading * (As there's no preceding word to be multiplied)
3) Double + or - or * (As operators don't count as words)
4) Various other errors with operators we strip out, as we don't want to support them
This is all within the logic of the boolean querying logic, not the SQL query as a whole - nothing is injected into the SQL parser.