CVE-2022-40833 B.C

An attacker can inject malicious SQL code into system\database\DB_query_builder.php to cause denial of service.

CVE-2018-6109: SQL injection in system\database\DB_query_builder.php via query_builder() function.

CVE-2018-6055: SQL Injection via system\database\DB_select.php or_select_fields_to() function.

CVE-2018-6056: SQL injection via root_request_id in system\database\DB_select.php.

CVE-2018-6057: SQL injection via root_request_id in system\database\DB_select.php.

CVE-2017-7204: SQL injection via system\database\DB_sql_log.php.

CVE-2016-7265: SQL injection via _SESSION[system_database]_GET_EXTRA_SETTINGS in system\database\DB_Settings.php.

CVE-2016-7264: SQL injection via _SESSION[system_database]_GET_EXTRA_SETTINGS in system\database\DB_Settings.php.

CVE-2016-7263: SQL injection via _SESSION[system_database]_GET_EXTRA_SETTINGS in system\database\DB_Settings.php.

CVE-2016-7262: SQL injection via _

Timeline

Published on: 10/07/2022 11:15:00 UTC
Last modified on: 10/08/2022 01:27:00 UTC

References

• https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40833