mgallegos/laravel-jqgrid is vulnerable to SQL injection. The vulnerability exists in the getRows function in EloquentRepositoryAbstract.php because the library passes the sorting values appended to the end of the query directly to the database, allowing a malicious user to inject and execute arbitrary SQL queries on the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | mgallegos/laravel-jqgrid | le | v1.3.0 |
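
One way to keep client-supplied sort values out of the SQL text is to validate them against an allow-list before they reach the query, shown here as an added example (not code from laravel-jqgrid or from this advisory). The function name `safeOrderBy`, the parameter names `sidx` and `sord`, the multi-column format, and the column names are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: turn client-supplied sort parameters into validated
// [column, direction] pairs. Nothing from the request is used as raw SQL.
// Assumption: the grid sends the sort column(s) in $sidx and the direction
// of the last column in $sord, e.g. sidx="name asc, created_at", sord="desc".
function safeOrderBy(string $sidx, string $sord, array $allowedColumns): array
{
    if (trim($sidx) === '') {
        return []; // no sorting requested
    }
    $pairs = [];
    foreach (explode(',', $sidx . ' ' . $sord) as $term) {
        $parts = preg_split('/\s+/', trim($term), -1, PREG_SPLIT_NO_EMPTY);
        if ($parts === false || $parts === []) {
            continue; // empty term, e.g. a trailing comma
        }
        if (count($parts) > 2) {
            throw new InvalidArgumentException('Unexpected tokens in sort term');
        }
        $column = $parts[0];
        $direction = strtolower($parts[1] ?? 'asc');
        // The column must match a known name exactly; the direction is a keyword.
        if (!in_array($column, $allowedColumns, true)) {
            throw new InvalidArgumentException('Sort column not allowed');
        }
        if (!in_array($direction, ['asc', 'desc'], true)) {
            throw new InvalidArgumentException('Sort direction not allowed');
        }
        $pairs[] = [$column, $direction];
    }
    return $pairs;
}

// Constructed sample inputs, not taken from the advisory.
$allowed = ['id', 'name', 'created_at'];
print_r(safeOrderBy('name asc, created_at', 'desc', $allowed));

foreach (['name asc, unknown_column', 'name asc extra tokens'] as $sidx) {
    try {
        safeOrderBy($sidx, 'asc', $allowed);
    } catch (InvalidArgumentException $e) {
        echo "rejected '{$sidx}': {$e->getMessage()}\n";
    }
}
// Each validated pair can then be passed to the query builder separately,
// for example $query->orderBy($column, $direction) in Laravel.
```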