CVE-2015-10084 – irontec klear-library BaseController.php _prepareWhere sql injection

https://notcve.org/view.php?id=CVE-2015-10084

A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. • https://github.com/irontec/klear-library/commit/b25262de52fdaffde2a4434fc2a84408b304fbc5 https://github.com/irontec/klear-library/tree/marla https://vuldb.com/?ctiid.221504 https://vuldb.com/?id.221504 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •