codeigniter4/framework is vulnerable to SQL injection. The old
function in system/Common.php
does not properly sanitize the user input, which allows a remote attacker to inject arbitrary SQL commands to the APIs.
CPE | Name | Operator | Version |
---|---|---|---|
codeigniter4/framework | le | v4.1.5 | |
codeigniter4/framework | le | v4.1.5 |