PT-2023-10121 · Himiklab · Yii2-Jqgrid-Widget
Published: 2023-01-06 · Updated: 2024-05-17 · CVE-2014-125051
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
himiklab yii2-jqgrid-widget versions up to 1.0.7
Description
A critical issue affects the addSearchOptionsRecursively function of the file JqGridAction.php, leading to SQL injection.
Recommendations
For himiklab yii2-jqgrid-widget versions up to 1.0.7, upgrade to version 1.0.8 to address this issue. As a temporary workaround, consider restricting access to the addSearchOptionsRecursively function until the patch is applied.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Yii2-Jqgrid-Widget