Vulnerability Description
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codeigniter | Codeigniter | < 2.2.4 |
Related Weaknesses (CWE)
References
- https://forum.codeigniter.com/thread-62743.html (Vendor Advisory)
- https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318 (Third Party Advisory)
- https://github.com/bcit-ci/CodeIgniter/issues/4020 (Third Party Advisory)
- https://www.codeigniter.com/userguide2/changelog.html (Vendor Advisory)
FAQ
What is CVE-2015-5725?
CVE-2015-5725 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset varia...
How severe is CVE-2015-5725?
CVE-2015-5725 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-5725?
Check the references section above for vendor advisories and patch information. Affected products include: Codeigniter Codeigniter.