From a208e0dbbc9a76589a7e8f8d53beff1cc5386a0a Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Sun, 16 Feb 2025 14:55:40 +0900
Subject: [PATCH] Fix RVE-2025-1 potential SQL injection via third-party
 program

---
 common/framework/parsers/dbquery/Query.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/common/framework/parsers/dbquery/Query.php b/common/framework/parsers/dbquery/Query.php
index 3d37fb41a..bde3cda9d 100644
--- a/common/framework/parsers/dbquery/Query.php
+++ b/common/framework/parsers/dbquery/Query.php
@@ -619,7 +619,7 @@ class Query extends VariableBase
 
 			// Get the name of the column or expression to order by.
 			$column_name = '';
-			list($column_name, $is_expression) = $orderby->getValue($this->_args);
+			list($column_name, $is_expression, $is_default_value) = $orderby->getValue($this->_args);
 			if (!$column_name)
 			{
 				continue;
@@ -628,6 +628,10 @@ class Query extends VariableBase
 			{
 				$column_name = self::quoteName($column_name);
 			}
+			elseif (!$is_default_value)
+			{
+				continue;
+			}
 
 			// Get the ordering (ASC or DESC).
 			if (preg_match('/^(ASC|DESC)$/i', $orderby->order_var ?: '', $matches))