ByteOS Network

CVE Vulnerability Details :

CVE-2016-15020

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-16 Jan, 2023 | 10:58

Updated At-06 Aug, 2024 | 03:47

▼CVE Numbering Authority (CNA)

liftkit database Query.php processOrderBy sql injection

A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The patch is named 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391.

Affected Products

Vendor

liftkit

Product

database

Versions

Affected

2.13.0
2.13.1

Problem Types

Type	CWE ID	Description
CWE	CWE-89	CWE-89 SQL Injection

Type: CWE

CWE ID: CWE-89

Description: CWE-89 SQL Injection

Metrics

Version	Base score	Base severity	Vector
3.1	5.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.0	5.5	MEDIUM	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.0	5.2	N/A	AV:A/AC:L/Au:S/C:P/I:P/A:P

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Version: 3.0

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Version: 2.0

Base score: 5.2

Base severity: N/A

Vector:

AV:A/AC:L/Au:S/C:P/I:P/A:P

Credits

tool

VulDB GitHub Commit Analyzer

Timeline

Event	Date
Advisory disclosed	2023-01-15 00:00:00
CVE reserved	2023-01-15 00:00:00
VulDB entry created	2023-01-15 01:00:00
VulDB entry last update	2023-02-07 17:52:39

Event: Advisory disclosed

Date: 2023-01-15 00:00:00

Event: CVE reserved

Date: 2023-01-15 00:00:00

Event: VulDB entry created

Date: 2023-01-15 01:00:00

Event: VulDB entry last update

Date: 2023-02-07 17:52:39

References

Hyperlink	Resource
https://vuldb.com/?id.218391	vdb-entry technical-description
https://vuldb.com/?ctiid.218391	signature permissions-required
https://github.com/liftkit/database/commit/42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a	patch
https://github.com/liftkit/database/releases/tag/v2.13.2	patch

Hyperlink: https://vuldb.com/?id.218391

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.218391

Resource:

signature

permissions-required

Hyperlink: https://github.com/liftkit/database/commit/42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a

Resource:

patch

Hyperlink: https://github.com/liftkit/database/releases/tag/v2.13.2

Resource:

patch

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://vuldb.com/?id.218391	vdb-entry technical-description x_transferred
https://vuldb.com/?ctiid.218391	signature permissions-required x_transferred
https://github.com/liftkit/database/commit/42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a	patch x_transferred
https://github.com/liftkit/database/releases/tag/v2.13.2	patch x_transferred

Hyperlink: https://vuldb.com/?id.218391

Resource:

vdb-entry

technical-description

x_transferred

Hyperlink: https://vuldb.com/?ctiid.218391

Resource:

signature

permissions-required

x_transferred

Hyperlink: https://github.com/liftkit/database/commit/42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a

Resource:

patch

x_transferred

Hyperlink: https://github.com/liftkit/database/releases/tag/v2.13.2

Resource:

patch

x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References