CVE-2021-4262: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

December 19, 2022 (updated December 30, 2022)

A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216271.

References

github.com/advisories/GHSA-3fhj-wpvj-x5w8
github.com/mgallegos/laravel-jqgrid/commit/fbc2d94f43d0dc772767a5bdb2681133036f935e
github.com/mgallegos/laravel-jqgrid/pull/72
nvd.nist.gov/vuln/detail/CVE-2021-4262
vuldb.com/?id.216271

Code Behaviors & Features

Detect and mitigate CVE-2021-4262 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →