diff --git a/src/Admin/Controllers/AdminCurrencyController.php b/src/Admin/Controllers/AdminCurrencyController.php
index 6bde7d7e..2e0ffba7 100644
--- a/src/Admin/Controllers/AdminCurrencyController.php
+++ b/src/Admin/Controllers/AdminCurrencyController.php
@@ -45,8 +45,8 @@ public function index()
             'action' => sc_language_render('action.title'),
         ];
 
-        $sort_order = request('sort_order') ?? 'id_desc';
-        $keyword = request('keyword') ?? '';
+        $sort_order = sc_clean(request('sort_order') ?? 'id_desc');
+        $keyword    = sc_clean(request('keyword') ?? '');
         $arrSort = [
             'id__desc' => sc_language_render('filter_sort.id_desc'),
             'id__asc' => sc_language_render('filter_sort.id_asc'),
diff --git a/src/Admin/Controllers/AdminLogController.php b/src/Admin/Controllers/AdminLogController.php
index 8b0af20b..c64c1649 100644
--- a/src/Admin/Controllers/AdminLogController.php
+++ b/src/Admin/Controllers/AdminLogController.php
@@ -46,7 +46,7 @@ public function index()
             'action' => sc_language_render('action.title'),
         ];
 
-        $sort_order = request('sort_order') ?? 'id_desc';
+        $sort_order = sc_clean(request('sort_order') ?? 'id_desc');
         $arrSort = [
             'id__desc' => sc_language_render('filter_sort.id_desc'),
             'id__asc' => sc_language_render('filter_sort.id_asc'),
diff --git a/src/Admin/Controllers/Auth/PermissionController.php b/src/Admin/Controllers/Auth/PermissionController.php
index 9df2efba..e22a4f15 100644
--- a/src/Admin/Controllers/Auth/PermissionController.php
+++ b/src/Admin/Controllers/Auth/PermissionController.php
@@ -72,7 +72,7 @@ public function index()
             'updated_at' => sc_language_render('admin.updated_at'),
             'action' => sc_language_render('action.title'),
         ];
-        $sort_order = request('sort_order') ?? 'id_desc';
+        $sort_order = sc_clean(request('sort_order') ?? 'id_desc');
         $arrSort = [
             'id__desc' => sc_language_render('filter_sort.id_desc'),
             'id__asc' => sc_language_render('filter_sort.id_asc'),
diff --git a/src/Admin/Controllers/Auth/RoleController.php b/src/Admin/Controllers/Auth/RoleController.php
index afc68d0a..2f3192de 100644
--- a/src/Admin/Controllers/Auth/RoleController.php
+++ b/src/Admin/Controllers/Auth/RoleController.php
@@ -43,8 +43,8 @@ public function index()
             'updated_at' => sc_language_render('admin.updated_at'),
             'action' => sc_language_render('action.title'),
         ];
-        $sort_order = request('sort_order') ?? 'id_desc';
-        $keyword = request('keyword') ?? '';
+        $sort_order = sc_clean(request('sort_order') ?? 'id_desc');
+        $keyword    = sc_clean(request('keyword') ?? '');
         $arrSort = [
             'id__desc' => sc_language_render('filter_sort.id_desc'),
             'id__asc' => sc_language_render('filter_sort.id_asc'),
diff --git a/src/Admin/Controllers/Auth/UsersController.php b/src/Admin/Controllers/Auth/UsersController.php
index c61fc7fa..85fba7a2 100644
--- a/src/Admin/Controllers/Auth/UsersController.php
+++ b/src/Admin/Controllers/Auth/UsersController.php
@@ -51,8 +51,8 @@ public function index()
             'created_at' => sc_language_render('admin.created_at'),
             'action'     => sc_language_render('action.title'),
         ];
-        $sort_order = request('sort_order') ?? 'id_desc';
-        $keyword = request('keyword') ?? '';
+        $sort_order = sc_clean(request('sort_order') ?? 'id_desc');
+        $keyword    = sc_clean(request('keyword') ?? '');
         $arrSort = [
             'id__desc'       => sc_language_render('filter_sort.id_desc'),
             'id__asc'        => sc_language_render('filter_sort.id_asc'),