Vulnerability Description
A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The patch is named 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Liftkit Database Library Project | Liftkit Database Library | < 2.13.2 |
Related Weaknesses (CWE)
References
- https://github.com/liftkit/database/commit/42ec8f2b22e0b0b98fb5b4444ed451c1b21d1PatchThird Party Advisory
- https://github.com/liftkit/database/releases/tag/v2.13.2Release NotesThird Party Advisory
- https://vuldb.com/?ctiid.218391Third Party Advisory
- https://vuldb.com/?id.218391Third Party Advisory
- https://github.com/liftkit/database/commit/42ec8f2b22e0b0b98fb5b4444ed451c1b21d1PatchThird Party Advisory
- https://github.com/liftkit/database/releases/tag/v2.13.2Release NotesThird Party Advisory
- https://vuldb.com/?ctiid.218391Third Party Advisory
- https://vuldb.com/?id.218391Third Party Advisory
FAQ
What is CVE-2016-15020?
CVE-2016-15020 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql ...
How severe is CVE-2016-15020?
CVE-2016-15020 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-15020?
Check the references section above for vendor advisories and patch information. Affected products include: Liftkit Database Library Project Liftkit Database Library.