CVE-2023-38054: Easyappointments Order By Escape Sql Injection
greprules fetch cve-2023-38054-easyappointments-order-by-escape-sql-injection --engine opengrep
Description
The value passed to CodeIgniter's `$db->order_by(...)` is sanitized with `$db->escape(...)`, which only quotes string-literal values for use in WHERE clauses. It does NOT sanitize SQL identifiers or strip ORDER BY syntax (subqueries, CASE expressions, UNION ordering tricks, etc.). Attacker-controlled `sort` / `order_by` parameters can therefore inject SQL in
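The pattern the rule flags, shown beside an allowlist-based fix, as an added illustration that is not code from Easyappointments or from the rule itself; the query builder in `$db`, the `appointments` table and its column names are assumed for the example.

```php
<?php
// Added illustration (not Easyappointments code). Assumes a CodeIgniter 3
// style query builder in $db; table and column names are constructed.

// VULNERABLE: $db->escape() only wraps a value in quotes as a string
// literal. That quoted text is still spliced into ORDER BY as SQL text,
// not bound as data, so the request still controls the ORDER BY clause.
function listAppointmentsVulnerable($db, string $sort, string $dir): array
{
    $db->order_by($db->escape($sort), $db->escape($dir)); // flagged pattern
    return $db->get('appointments')->result_array();
}

// HARDENED: map request values onto a fixed allowlist of column names and
// directions, so no request string ever reaches order_by() verbatim.
const SORTABLE_COLUMNS = [
    'start'    => 'start_time',   // constructed column names
    'end'      => 'end_time',
    'customer' => 'customer_id',
];

function resolveOrderBy(string $sort, string $dir): array
{
    // Unknown sort keys fall back to a safe default instead of the SQL.
    $column = SORTABLE_COLUMNS[$sort] ?? SORTABLE_COLUMNS['start'];
    // Only the two literal directions are allowed; anything else is ASC.
    $direction = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';
    return [$column, $direction];
}

function listAppointmentsHardened($db, string $sort, string $dir): array
{
    [$column, $direction] = resolveOrderBy($sort, $dir);
    $db->order_by($column, $direction);
    return $db->get('appointments')->result_array();
}
```

When reviewing a hit, look for the `escape()`-inside-`order_by()` shape; the fix is an allowlist lookup like `resolveOrderBy()`, not a different escaping function.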
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided