2 matches found
SUSE CVE-2019-8979
Kohana through 3.3.6 has SQL Injection when the orderby parameter can be controlled...
CVE-2019-8979
Kohana up to 3.3.6 is vulnerable to SQL Injection when the order_by() parameter is controllable. This affects the framework’s query construction (ORM/DB layer) and can impact confidentiality, integrity, and availability as indicated by CVSS metrics in the CVE entry. Available references show the ...