CVE-2016-15020

Опубликовано: 16 янв. 2023

Источник: nvd

CVSS3: 5.5

CVSS3: 9.8

CVSS2: 5.2

EPSS Низкий

Описание

A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The patch is named 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391.

Ссылки

https://github.com/liftkit/database/commit/42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a
Patch
Third Party Advisory
https://github.com/liftkit/database/releases/tag/v2.13.2
Release Notes
Third Party Advisory
https://vuldb.com/?ctiid.218391
Third Party Advisory
https://vuldb.com/?id.218391
Third Party Advisory
https://github.com/liftkit/database/commit/42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a
Patch
Third Party Advisory
https://github.com/liftkit/database/releases/tag/v2.13.2
Release Notes
Third Party Advisory
https://vuldb.com/?ctiid.218391
Third Party Advisory
https://vuldb.com/?id.218391
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:liftkit_database_library_project:liftkit_database_library:*:*:*:*:*:*:*:*

Версия до 2.13.2 (исключая)

EPSS

Процентиль: 57%

0.00353

Низкий

5.5 Medium

CVSS3

9.8 Critical

CVSS3

5.2 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-8hcf-2m4v-f2rq

CVSS3: 9.8

github

около 3 лет назад

SQL Injection in liftkit/database

EPSS

Процентиль: 57%

0.00353

Низкий

5.5 Medium

CVSS3

9.8 Critical

CVSS3

5.2 Medium

CVSS2

Дефекты

CWE-89