Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yN3FyLTYzNm0td3hnMs4AA8GR
codeigniter/framework SQL injection in ODBC database driver
CodeIgniter 3.1.0 addressed a critical security issue within the ODBC database driver. This update includes crucial fixes to mitigate a SQL injection vulnerability, preventing potential exploitation by attackers. It is noteworthy that these fixes render the query builder and escape() functions incompatible with the ODBC driver. However, the update introduces actual query binding as a more secure alternative.
Permalink: https://github.com/advisories/GHSA-27qr-636m-wxg2JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yN3FyLTYzNm0td3hnMs4AA8GR
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 4 months ago
Updated: 4 months ago
CVSS Score: 10.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Identifiers: GHSA-27qr-636m-wxg2
References:
- https://github.com/simplysites/CodeIgniter/commit/3d10ffa77854044570a1809a884776fd4bbd8b70
- https://forum.codeigniter.com/thread-65803.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter/framework/2016-07-26-1.yaml
- https://github.com/advisories/GHSA-27qr-636m-wxg2
Blast Radius: 27.1
Affected Packages
packagist:codeigniter/framework
Dependent packages: 69Dependent repositories: 509
Downloads: 1,781,036 total
Affected Version Ranges: < 3.1.0
Fixed in: 3.1.0
All affected versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6
All unaffected versions: 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13