7 matches found
CVE-2026-57954
Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across...
EUVD-2026-38057
Statamic CMS's unsafe method invocation via collection sorting allows data destruction...
Craft Commerce is Vulnerable to SQL Injection in Commerce Purchasables Table Sorting
Summary Craft Commerce is vulnerable to SQL Injection in the purchasables table endpoint. The sort parameter is split by | and the first part column name is passed directly as an array key to orderBy without whitelist validation. Yii2's query builder does NOT escape array keys, allowing an...
EUVD-2026-8548
Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting...
CVE-2024-43825
In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iiogtsbuildavailtimetable The sorting in iiogtsbuildavailtimetable is not working as intended. It could result in an out-of-bounds access when the time is zero. Here are more details: 1. When...
Sql injection
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature...
php: ArrayIterator use-after-free due to object change during sorting
A use-after-free flaw was found in the way PHP handled certain ArrayIterators. A malicious script author could possibly use this flaw to disclose certain portions of server memory...