CVE-2016-15020: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

January 16, 2023 (updated January 24, 2023)

A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The name of the patch is 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391.

References

github.com/advisories/GHSA-8hcf-2m4v-f2rq
github.com/liftkit/database/commit/42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a
github.com/liftkit/database/releases/tag/v2.13.2
nvd.nist.gov/vuln/detail/CVE-2016-15020
vuldb.com/?ctiid.218391
vuldb.com/?id.218391

Code Behaviors & Features

Detect and mitigate CVE-2016-15020 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →