CVE-2015-5725: SQL Injection
First published: Wed Feb 21 2018(Updated: )
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Codeigniter Codeigniter | <2.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2015-5725?
CVE-2015-5725 is a SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4.
How does CVE-2015-5725 work?
CVE-2015-5725 works by allowing remote attackers to execute arbitrary SQL commands through vectors involving the offset variable.
What is the severity of CVE-2015-5725?
CVE-2015-5725 has a severity level of critical.
Which versions of CodeIgniter are affected by CVE-2015-5725?
CodeIgniter versions up to and excluding 2.2.4 are affected by CVE-2015-5725.
How can I fix CVE-2015-5725?
To fix CVE-2015-5725, you should update CodeIgniter to version 2.2.4 or later.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/codeigniter
- canonical/codeigniter codeigniter