CVE-2015-5725

Опубликовано: 21 фев. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable.

Ссылки

https://forum.codeigniter.com/thread-62743.html
Vendor Advisory
https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23
Third Party Advisory
https://github.com/bcit-ci/CodeIgniter/issues/4020
Third Party Advisory
https://www.codeigniter.com/userguide2/changelog.html
Vendor Advisory
https://forum.codeigniter.com/thread-62743.html
Vendor Advisory
https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23
Third Party Advisory
https://github.com/bcit-ci/CodeIgniter/issues/4020
Third Party Advisory
https://www.codeigniter.com/userguide2/changelog.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*

Версия до 2.2.4 (исключая)

EPSS

Процентиль: 71%

0.00665

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2015-5725

CVSS3: 9.8

debian

почти 8 лет назад

SQL injection vulnerability in the offset method in the Active Record ...

GHSA-w865-x2vp-v73f

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 71%

0.00665

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89