DBRisinajumi d2files D2filesController.php actionDownloadFile sql injection
Description
A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The identifier of the patch is b5767f2ec9d0f3cbfda7f13c84740e2179c90574. It is recommended to upgrade the affected component. The identifier VDB-217561 was assigned to this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection vulnerability in DBRisinajumi d2files allows attackers to execute arbitrary SQL commands via unsanitized input in file upload/download actions.
CVE-2015-10018 is a critical SQL injection vulnerability found in the DBRisinajumi d2files extension. The issue resides in the actionUpload and actionDownloadFile functions of controllers/D2filesController.php, where user-supplied model_id and id parameters are directly used in SQL queries without proper sanitization [1][4].
An attacker can exploit this by crafting malicious input to the model_id parameter during file upload or download operations. No authentication is required if the application exposes these actions publicly, allowing remote exploitation over the network [1].
Successful exploitation enables SQL injection, which can lead to unauthorized access to or modification of database contents, potentially compromising the entire application [1].
The vulnerability has been fixed in version 1.0.0 of d2files, with the patch commit b5767f2ec9d0f3cbfda7f13c84740e2179c90574 explicitly casting the parameter to an integer to prevent injection [4]. Users are strongly advised to upgrade to this version or apply the patch to mitigate the risk [1][3].
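The fix pattern the narrative describes, normalising a user-controlled id to an integer before it reaches a query, is shown below in added example code written for this page; it is not code from d2files, the table and column names (`d2files`, `model_id`) and the function names are assumptions, and the sample inputs are constructed. It contrasts string-built SQL with the (int) cast the patch uses, adds the stricter validation a cast alone does not give (a non-numeric string casts to 0), and finishes with a PDO prepared statement against an in-memory SQLite database, which assumes the pdo_sqlite extension is present.

```php
<?php
// Added example, not part of the d2files project. Table/column names are hypothetical.

// Vulnerable pattern: the raw request value becomes part of the SQL text.
function buildLookupUnsafe(string $modelId): string
{
    return "SELECT * FROM d2files WHERE model_id = " . $modelId;
}

// Patch pattern: (int) keeps only a leading integer, so whatever follows it
// is dropped and the comparison stays a single well-formed expression.
function buildLookupCast(string $modelId): string
{
    $safeId = (int) $modelId;
    return "SELECT * FROM d2files WHERE model_id = " . $safeId;
}

// Stricter input check: a cast silently turns "abc" into 0 and "-7" stays -7.
// FILTER_VALIDATE_INT requires the whole string to be an integer, and the
// range option rejects ids that cannot exist. Returns null on bad input so
// the caller can answer with a 4xx instead of querying id 0.
function validateId(string $raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Preferred pattern: a bound parameter; the value never becomes SQL text.
function lookupPrepared(PDO $db, int $modelId): array
{
    $stmt = $db->prepare('SELECT id, model_id, file_name FROM d2files WHERE model_id = :id');
    $stmt->bindValue(':id', $modelId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id, a classic tautology, trailing junk, non-numeric, negative.
$inputs = ['42', '42 OR 1=1', '42abc', 'abc', '-7'];
foreach ($inputs as $in) {
    $valid = validateId($in);
    printf("%-14s unsafe: %s\n", var_export($in, true), buildLookupUnsafe($in));
    printf("%-14s cast:   %s\n", '', buildLookupCast($in));
    printf("%-14s valid:  %s\n\n", '', $valid === null ? 'rejected' : (string) $valid);
}

// Prepared-statement demo on a constructed in-memory table (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE d2files (id INTEGER PRIMARY KEY, model_id INTEGER, file_name TEXT)');
$db->exec("INSERT INTO d2files (model_id, file_name) VALUES (42, 'a.pdf'), (43, 'b.pdf')");

$id = validateId('42 OR 1=1');          // rejected: null
$rows = $id === null ? [] : lookupPrepared($db, $id);
printf("tautology input -> %d row(s)\n", count($rows));

$id = validateId('42');                 // accepted: 42
$rows = lookupPrepared($db, $id);
printf("id 42 -> %d row(s), file %s\n", count($rows), $rows[0]['file_name']);
```

The cast is what the upstream commit does and is enough to stop the injection; the `validateId` step is the additional check a practitioner would want so that malformed ids are refused outright rather than quietly resolved to 0, and the bound parameter removes the dependence on every caller remembering to cast.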
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| dbrisinajumi/d2files (Packagist) | < 1.0.0 | 1.0.0 |
Affected products
- (no CPE) range: <1.0.0
- (no CPE) range: n/a
Patches
b5767f2ec9d0: SQL injection problem
1 file changed · +3 −3
controllers/D2filesController.php+3 −3 modified@@ -114,15 +114,15 @@ public function actionUpload($model_name, $model_id) { //if (!Yii::app()->user->checkAccess($model_name . '.uploadD2File')) { D2files::extendedCheckAccess($model_name . '.uploadD2File'); - if (!$this->performReadValidation($model_name, $model_id)) { + if (!$this->performReadValidation($model_name, (int)$model_id)) { throw new CHttpException(403, Yii::t("D2filesModule.model","You are not authorized to perform this action.")); } Yii::import("vendor.dbrisinajumi.d2files.compnents.*"); $oUploadHandler = new UploadHandlerD2files( array( 'model_name' => $model_name, - 'model_id' => $model_id, + 'model_id' => (int)$model_id, ) ); @@ -175,7 +175,7 @@ public function actionDownloadFile($id) { $oUploadHandler = new UploadHandlerD2files( array( 'model_name' => $model->model, - 'model_id' => $id, + 'model_id' => (int)$id, 'download_via_php' => TRUE, 'file_name' => $model->file_name, )
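Review bot: In the actionUpload hunk the cast is applied at the two use sites (the performReadValidation argument and the 'model_id' array entry) while $model_id itself stays the raw string; normalising once at the top of the action, e.g. `$model_id = (int)$model_id;` right after the extendedCheckAccess call, and refusing a non-positive result (a non-numeric string casts to 0) would cover any later use of the variable and return a 4xx instead of a silent lookup of id 0. Unrelated to the change, the visible `Yii::import("vendor.dbrisinajumi.d2files.compnents.*")` path reads like a typo ("compnents") and is worth confirming against the directory name.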
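Review bot: In the actionDownloadFile hunk the (int) cast is applied only where $id is handed to UploadHandlerD2files, but $model (used for $model->model and $model->file_name) has already been resolved above the hunk, presumably from the same raw $id; that earlier lookup is not in the diff and should be checked so it also receives a cast or a bound parameter, otherwise the injection point this change targets may remain upstream of the changed line. Casting $id once at the start of the action would cover both uses.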
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/DBRisinajumi/d2files/commit/b5767f2ec9d0f3cbfda7f13c84740e2179c90574 (ghsa, patch, WEB)
- github.com/DBRisinajumi/d2files/releases/tag/1.0.0 (ghsa, patch, WEB)
- github.com/advisories/GHSA-68hv-8926-j34c (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-10018 (ghsa, ADVISORY)
- vuldb.com (ghsa, signature, permissions-required, WEB)
- vuldb.com (ghsa, vdb-entry, technical-description, WEB)