PT-2023-10121 · Himiklab · Yii2-Jqgrid-Widget

Published: 2023-01-06 · Updated: 2024-05-17 · CVE-2014-125051

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

himiklab yii2-jqgrid-widget versions up to 1.0.7

Description

A critical issue affects the addSearchOptionsRecursively function of the file JqGridAction.php, leading to SQL injection.

Recommendations

For himiklab yii2-jqgrid-widget versions up to 1.0.7, upgrade to version 1.0.8 to address this issue. As a temporary workaround, consider restricting access to the addSearchOptionsRecursively function until the patch is applied.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2014-125051
GHSA-7MG5-RW39-Q67F

Affected Products

Yii2-Jqgrid-Widget