CVE-2023-38049: Codeigniter Order By Escape Sqli
greprules fetch cve-2023-38049-codeigniter-order-by-escape-sqli --engine opengrep
Description
Passing the result of $DB->escape() (a value escaper that wraps strings as SQL string literals) to $DB->order_by() does not sanitize SQL identifiers. When the argument is user-controlled, this allows ORDER BY SQL injection (commas, function calls, sub-selects, time-based payloads). Use an identifier-quoting/whitelisting helper such as quote_order_by() or res
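The following PHP is an added illustration of the pattern the rule describes, not code from the rule page or from the CodeIgniter project. It shows the flagged call shape (escape() feeding order_by()) next to an allowlist-based replacement; the column map, the resolve_order_by() helper and the posts table are assumptions made for the example, and the page's quote_order_by() helper is not assumed to exist with any particular signature.

```php
<?php
// Added example, not from the rule page or CodeIgniter. CodeIgniter 3
// query-builder method names are used ($db->escape(), $db->order_by()).

// --- Pattern the rule flags -------------------------------------------------
// $db->escape() wraps its input in quotes to make a string *literal*. ORDER BY
// expects an *identifier* (a column name), so the call neither validates the
// name nor stops injected SQL from reaching the clause when $userSort comes
// from the request.
function vulnerable_list($db, string $userSort): array
{
    $db->order_by($db->escape($userSort));   // flagged: escape() is a value escaper
    return $db->get('posts')->result_array(); // 'posts' table is assumed
}

// --- Hardened replacement: allowlist instead of escaping --------------------
// Map of request-facing sort keys to the real column identifiers they select.
// The user value is used only as a lookup key and never reaches the SQL text.
const SORTABLE_COLUMNS = [
    'title'   => 'title',
    'created' => 'created_at',
    'author'  => 'author_name',
];

/**
 * Resolve a user-supplied sort key and direction to a known column and a
 * fixed direction keyword. Unknown keys fall back to a deterministic default
 * rather than raising an error that would reveal which names are accepted.
 *
 * @return array{0:string,1:string} [column identifier, 'ASC'|'DESC']
 */
function resolve_order_by(string $userSort, string $userDir = 'asc'): array
{
    $column = SORTABLE_COLUMNS[$userSort] ?? 'created_at';
    $dir    = strtolower($userDir) === 'desc' ? 'DESC' : 'ASC';
    return [$column, $dir];
}

function safe_list($db, string $userSort, string $userDir = 'asc'): array
{
    [$column, $dir] = resolve_order_by($userSort, $userDir);
    // Both arguments now originate from constants in this file, so the rule's
    // taint condition (user input reaching order_by) no longer holds.
    $db->order_by($column, $dir);
    return $db->get('posts')->result_array();
}

// Stand-alone check of the resolver with constructed inputs (no database needed):
assert(resolve_order_by('created', 'desc') === ['created_at', 'DESC']);
assert(resolve_order_by('title, (SELECT 1)', 'asc') === ['created_at', 'ASC']); // unknown key -> default
assert(resolve_order_by('author', 'DESC; DROP') === ['author_name', 'ASC']);    // bad direction -> ASC
```

The design point is that escaping is the wrong operation for this position in the query: an ORDER BY column is an identifier, and the only robust control is to choose it from a fixed map keyed by the user's value, as resolve_order_by() does. The same resolver can be reused for any endpoint that exposes sorting, and it gives a detection rule a clean boundary: order_by() arguments that trace back to a constant table are not user-tainted.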
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided