GHSA-27qr-636m-wxg2: codeigniter/framework SQL injection in ODBC database driver

May 15, 2024

CodeIgniter 3.1.0 addressed a critical security issue within the ODBC database driver. This update includes crucial fixes to mitigate a SQL injection vulnerability, preventing potential exploitation by attackers. It is noteworthy that these fixes render the query builder and escape() functions incompatible with the ODBC driver. However, the update introduces actual query binding as a more secure alternative.

References

forum.codeigniter.com/thread-65803.html
github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter/framework/2016-07-26-1.yaml
github.com/advisories/GHSA-27qr-636m-wxg2
github.com/simplysites/CodeIgniter
github.com/simplysites/CodeIgniter/commit/3d10ffa77854044570a1809a884776fd4bbd8b70

Detect and mitigate GHSA-27qr-636m-wxg2 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →