GHSA-8hcf-2m4v-f2rq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8hcf-2m4v-f2rq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-8hcf-2m4v-f2rq/GHSA-8hcf-2m4v-f2rq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8hcf-2m4v-f2rq
- Aliases
- Published
- 2023-01-16T12:30:18Z
- Modified
- 2023-11-08T03:58:22.566602Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- SQL Injection in liftkit/database
- Details
-
A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The name of the patch is 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391.
- Database specific
{ "nvd_published_at": "2023-01-16T11:15:00Z", "github_reviewed_at": "2023-01-24T20:29:47Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-89" ] }- References
Affected packages
Packagist / liftkit/database
Package
- Name
- liftkit/database
- Purl
- pkg:composer/liftkit/database
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.13.2
Affected versions
v1.*
v1.0
v1.0.1
v1.1.0-alpha
v2.*
v2.0.0
v2.1.0
v2.1.1
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.4.1
v2.4.2
v2.5.0
v2.5.1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.7.0
v2.7.1
v2.8.0
v2.9.0-alpha.1
v2.9.0-alpha.2
v2.9.0-alpha3
v2.9.0-alpha4
v2.9.0-alpha5
v2.9.0-alpha6
v2.9.0-alpha7
v2.9.0-alpha8
v2.9.0-alpha9
v2.9.0-alpha10
v2.9.0
v2.10.0-alpha
v2.10.0
v2.11.0
v2.11.1
v2.11.2
v2.12.0
v2.13.0
v2.13.1