[HIGH] Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`

PKSA-9dtd-sv51-7pmx CVE-2026-25495 GHSA-2453-mppf-46cj

Affected package: craftcms/cms

Affected version: >=4.0.0-RC1,<=4.16.17|>=5.0.0-RC1,<=5.8.21

Reported by:
GitHub