CVE-2023-38053: Codeigniter Order By Escape Sql Injection
Passing user-controlled input to CodeIgniter's $db->order_by() after only running it through $db->escape() does not sanitize SQL identifiers. escape() quotes string literals but does not constrain ORDER BY column tokens, allowing an attacker to inject arbitrary SQL (subqueries, CASE/IF expressions, UNION fragments, boolean payloads) into the ORDER BY clause.
greprules fetch cve-2023-38053-codeigniter-order-by-escape-sql-injection --engine opengrepDescription
Passing user-controlled input to CodeIgniter's $db->order_by() after only running it through $db->escape() does not sanitize SQL identifiers. escape() quotes string literals but does not constrain ORDER BY column tokens, allowing an attacker to inject arbitrary SQL (subqueries, CASE/IF expressions, UNION fragments, boolean payloads) into the ORDER BY clause.
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.