{"id":"CVE-2019-8979","details":"Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled.","modified":"2026-04-10T04:20:40.084692Z","published":"2019-02-21T05:29:00.807Z","references":[{"type":"EVIDENCE","url":"https://github.com/huzr2018/orderby_SQLi"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kohana/kohana","events":[{"introduced":"0"},{"last_affected":"98674c63399c29c0fdb812c04c99dc1c6ca5aec8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.3.6"}]}}],"versions":["3.0","3.0.1","3.0.1.1","3.0.1.2","3.0.2","3.0.2.1","3.0.3","3.0.4","3.0.4.1","3.0.4.2","3.0.5","3.0.6","3.0.6.1","3.0.6.2","3.0.7","3.0rc1","3.0rc2","3.0rc2.1","3.0rc3","3.1-RC1","beta2","beta3","v3.1.0","v3.1.0-RC2","v3.2.0","v3.2.0-RC1","v3.2.0-RC2","v3.3.0","v3.3.0-RC1","v3.3.0-RC2","v3.3.1","v3.3.1.1","v3.3.3","v3.3.3.1","v3.3.4","v3.3.5","v3.3.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-8979.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}