CVE-2016-15020

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-15020
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-15020.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-15020
Aliases
Published
2023-01-16T11:15:10Z
Modified
2024-05-17T07:49:42.919867Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A vulnerability was found in liftkit database up to 2.13.1 and has been classified as critical. It affects the function processOrderBy in the file src/Query/Query.php. The manipulation leads to SQL injection. Upgrading to version 2.13.2 addresses this issue. The patch is named 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. Upgrading the affected component is recommended. The associated identifier of this vulnerability is VDB-218391.

References

Affected packages

Git / github.com/liftkit/database

Affected ranges

Type
GIT
Repo
https://github.com/liftkit/database
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.0
v1.0.1
v1.1.0-alpha

v2.*

v2.0.0
v2.1.0
v2.1.1
v2.10.0
v2.10.0-alpha
v2.11.0
v2.11.1
v2.11.2
v2.12.0
v2.13.0
v2.13.1
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.4.1
v2.4.2
v2.5.0
v2.5.1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.7.0
v2.7.1
v2.8.0
v2.9.0
v2.9.0-alpha.1
v2.9.0-alpha.2
v2.9.0-alpha10
v2.9.0-alpha3
v2.9.0-alpha4
v2.9.0-alpha5
v2.9.0-alpha6
v2.9.0-alpha7
v2.9.0-alpha8
v2.9.0-alpha9