{ "schema_version": "1.4.0", "id": "GHSA-ww43-mcvh-35p4", "modified": "2023-01-12T23:43:48Z", "published": "2023-01-08T00:30:15Z", "aliases": [ "CVE-2014-125029" ], "summary": "PaginationServiceProvider SQL Injection vulnerability", "details": "A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file `demo/index.php` of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 can address this issue. The name of the patch is 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "affected": [ { "package": { "ecosystem": "Packagist", "name": "ttskch/pagination-service-provider" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.0.0" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-125029" }, { "type": "WEB", "url": "https://github.com/ttskch/PaginationServiceProvider/commit/619de478efce17ece1a3b913ab16e40651e1ea7b" }, { "type": "PACKAGE", "url": "https://github.com/ttskch/PaginationServiceProvider" }, { "type": "WEB", "url": "https://github.com/ttskch/PaginationServiceProvider/releases/tag/1.0.0" }, { "type": "WEB", "url": "https://vuldb.com/?ctiid.217150" }, { "type": "WEB", "url": "https://vuldb.com/?id.217150" } ], "database_specific": { "cwe_ids": [ "CWE-89" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-01-12T23:43:48Z", "nvd_published_at": "2023-01-07T22:15:00Z" } }