SQL Injection Vulnerability in Kohana through 3.3.6 via Controlled order_by() Parameter

SQL Injection Vulnerability in Kohana through 3.3.6 via Controlled order_by() Parameter

CVE-2019-8979 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.