EPSS
Percentile
51.8%
liftkit/database is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the processOrderBy function in Query.php allows a malicious user to inject and execute arbitrary SQL queries on the target system.
processOrderBy
Query.php
github.com/liftkit/database/commit/42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a
github.com/liftkit/database/releases/tag/v2.13.2
vuldb.com/?ctiid.218391
vuldb.com/?id.218391