GitHub Advisory Database: GHSA-27QR-636M-WXG2
History: May 15, 2024 - 6:09 p.m.

codeigniter/framework SQL injection in ODBC database driver


AI Score: 8.2 High (Confidence: Low)

CodeIgniter 3.1.0 addressed a critical security issue in the ODBC database driver: a SQL injection vulnerability. As a consequence of the fix, the query builder and escape() functions are incompatible with the ODBC driver. In their place, the update introduces actual query binding as a more secure alternative.
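For an application that uses the ODBC driver, the practical follow-up is to find call sites that still rely on the query builder or escape() and move them to bound queries. The audit below is an added example, not code from the advisory or from CodeIgniter; the method list is a chosen subset of CodeIgniter 3 database methods, and the PHP sample is constructed for illustration.

```python
import re

# Escape helpers and Query Builder methods called on $this->db in CodeIgniter 3.
# The builder list is a chosen subset for this example, not an exhaustive one.
ESCAPE = r"escape(?:_like_str|_str)?"
BUILDER = (r"select|from|join|where|or_where|like|get_where|get|"
           r"insert|update|delete|set|order_by|limit")
DB_CALL = re.compile(r"\$this->db\s*->\s*(" + ESCAPE + "|" + BUILDER + r")\s*\(")
QUERY_CALL = re.compile(r"\$this->db\s*->\s*query\s*\((.*)\)")
# A variable joined to a string literal, or interpolated in a double-quoted one.
CONCAT = re.compile(r'["\']\s*\.\s*\$|\$\w+\s*\.\s*["\']|"[^"]*\$\w+[^"]*"')


def audit(php_source):
    """Return (line_no, kind, method) for each call site that needs migration."""
    findings = []
    for no, line in enumerate(php_source.splitlines(), 1):
        call = DB_CALL.search(line)
        if call:
            name = call.group(1)
            kind = "escape" if name.startswith("escape") else "query_builder"
            findings.append((no, kind, name))
            continue
        query = QUERY_CALL.search(line)
        # query() is fine with ? placeholders; flag it only when SQL is built
        # from variables by concatenation or interpolation.
        if query and CONCAT.search(query.group(1)):
            findings.append((no, "concatenated_query", "query"))
    return findings


# Constructed sample model: a, b and c need migration, d already binds its input.
SAMPLE = r'''<?php
class User_model extends CI_Model {
    function a($id) { return $this->db->where('id', $id)->get('users'); }
    function b($n)  { return $this->db->query("SELECT * FROM users WHERE name = " . $this->db->escape($n)); }
    function c($n)  { return $this->db->query("SELECT * FROM users WHERE name = '$n'"); }
    function d($n)  { return $this->db->query('SELECT * FROM users WHERE name = ?', array($n)); }
}
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The check is line-based, so a builder chain split across several lines is reported only at the line where `$this->db` appears.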

Affected configurations

Vulners
Node: codeigniter codeigniter, Range: <3.1.0

CPE Name: codeigniter/framework, Operator: lt, Version: 3.1.0
