Описание
SQL injection in pagekit/pagekit
Pagekit is a modular and lightweight CMS built with Symfony components and Vue.js. The configAction in SettingsController allow user to set the order of comments listing. The allowed options are ASC and DESC. That config then get concatenated directly to the SQL query. Due to the fact that there wasnt any sanitizion before saving that config, it can lead to the SQL Injection vulnerability.
Пакеты
Наименование
pagekit/pagekit
composer
Затронутые версииВерсия исправления
<= 1.0.18
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
почти 4 года назад
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.