SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable.
References
Link | Resource |
---|---|
https://forum.codeigniter.com/thread-62743.html | Vendor Advisory |
https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23 | Third Party Advisory |
https://github.com/bcit-ci/CodeIgniter/issues/4020 | Third Party Advisory |
https://www.codeigniter.com/userguide2/changelog.html | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-02-21 16:29
Updated : 2024-02-28 16:25
NVD link : CVE-2015-5725
Mitre link : CVE-2015-5725
CVE.ORG link : CVE-2015-5725
JSON object : View
Products Affected
codeigniter
- codeigniter
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')