CVE-2023-38048: Codeigniter Order By Sql Injection Via Escape
greprules fetch cve-2023-38048-codeigniter-order-by-sql-injection-via-escape --engine opengrep
Description
The CodeIgniter `db->order_by()` call receives a value that was passed through `db->escape()`. `CI_DB::escape()` is a value-escaping helper that wraps strings in single quotes for SQL literal contexts; it does NOT sanitise SQL identifier contexts such as ORDER BY. An attacker who controls the value (typically via a `sort` query parameter) can inject SQL fragments.
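As an added illustration of the pattern this rule matches (example code, not code from the rule or from CodeIgniter itself), a CodeIgniter 3 model method with the flawed `escape()` call next to a version that restricts the column to an allow-list; the model class, table name and column names are assumed:

```php
<?php
// Added illustration (not part of the rule or CodeIgniter): vulnerable
// vs. hardened handling of a user-controlled ORDER BY column in a
// CodeIgniter 3 model. Table name and column list are assumed.
class Product_model extends CI_Model
{
    // Assumed set of columns a client may legitimately sort on.
    private const SORTABLE = ['name', 'price', 'created_at'];

    // VULNERABLE: escape() is meant for string literals, so the value is
    // quoted as a literal, not validated as an identifier, before it is
    // spliced into the ORDER BY clause. This is the call the rule flags.
    public function list_vulnerable(string $sort): array
    {
        $this->db->order_by($this->db->escape($sort), 'ASC');
        return $this->db->get('products')->result_array();
    }

    // HARDENED: identifiers cannot be escaped, only allow-listed. The
    // direction is likewise reduced to one of two fixed values.
    public function list_hardened(string $sort, string $dir = 'asc'): array
    {
        if (!in_array($sort, self::SORTABLE, true)) {
            $sort = 'name'; // fall back to a known-safe default column
        }
        $dir = strtolower($dir) === 'desc' ? 'DESC' : 'ASC';
        $this->db->order_by($sort, $dir);
        return $this->db->get('products')->result_array();
    }
}
```

Rejecting (or defaulting) unknown column names is the only reliable fix; wrapping the value in any escaping function leaves it in identifier position.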
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided