Description
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable.
References (4)
Core References
Vendor Advisory, x_refsource_confirm: https://forum.codeigniter.com/thread-62743.html
Third Party Advisory, x_refsource_confirm: https://github.com/bcit-ci/CodeIgniter/issues/4020
Vendor Advisory, x_refsource_confirm: https://www.codeigniter.com/userguide2/changelog.html
Third Party Advisory, x_refsource_confirm: https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23
Scores
CVSS v3: 9.8
EPSS: 0.0066
EPSS Percentile: 71.3%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-89
Status: published
Products (1): codeigniter/codeigniter < 2.2.4
Published: Feb 21, 2018
Tracked Since: Feb 18, 2026