CVE-2022-40834 SQL Injection Vulnerability |
Hello, I am wondering if the following CVE ever got patched: CVE-2022-40834. It says v3.1.13 is affected which seems to be the current version?
https://www.cvedetails.com/cve/CVE-2022-40835/ https://web.archive.org/web/202210071601.../README.md There are also a number of other CVE's for v3.1.13 https://www.cvedetails.com/vulnerability...niter.html Is CI3 still receiving security updates or are all these CVE's still exploitable? (04-25-2024, 02:47 AM)reactionstudio Wrote: Is CI3 still receiving security updates or are all these CVE's still exploitable? I don't know. But it is not well-maintained. If you think the SQL injection attack vectors in web.archive.org are vulnerabilities in the framework, I believe they are still exploitable. FYI, the maintainer did not think these were vulnerabilities in the framework, but vulnerabilities in the application code, if I recall correctly. |
Welcome Guest, Not a member yet? Register Sign In |