CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.5%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2023-22727

Cakephp » Cakephp » Version: 4.2.0

cpe:2.3:a:cakephp:cakephp:4.2.0
Cakephp » Cakephp » Version: 4.2.1

cpe:2.3:a:cakephp:cakephp:4.2.1
Cakephp » Cakephp » Version: 4.2.10

cpe:2.3:a:cakephp:cakephp:4.2.10
Cakephp » Cakephp » Version: 4.2.11

cpe:2.3:a:cakephp:cakephp:4.2.11
Cakephp » Cakephp » Version: 4.2.2

cpe:2.3:a:cakephp:cakephp:4.2.2
Cakephp » Cakephp » Version: 4.2.3

cpe:2.3:a:cakephp:cakephp:4.2.3
Cakephp » Cakephp » Version: 4.2.4

cpe:2.3:a:cakephp:cakephp:4.2.4
Cakephp » Cakephp » Version: 4.2.5

cpe:2.3:a:cakephp:cakephp:4.2.5
Cakephp » Cakephp » Version: 4.2.6

cpe:2.3:a:cakephp:cakephp:4.2.6
Cakephp » Cakephp » Version: 4.2.7

cpe:2.3:a:cakephp:cakephp:4.2.7
Cakephp » Cakephp » Version: 4.2.8

cpe:2.3:a:cakephp:cakephp:4.2.8
Cakephp » Cakephp » Version: 4.2.9

cpe:2.3:a:cakephp:cakephp:4.2.9
Cakephp » Cakephp » Version: 4.3.0

cpe:2.3:a:cakephp:cakephp:4.3.0
Cakephp » Cakephp » Version: 4.3.1

cpe:2.3:a:cakephp:cakephp:4.3.1
Cakephp » Cakephp » Version: 4.3.10

cpe:2.3:a:cakephp:cakephp:4.3.10
Cakephp » Cakephp » Version: 4.3.2

cpe:2.3:a:cakephp:cakephp:4.3.2
Cakephp » Cakephp » Version: 4.3.3

cpe:2.3:a:cakephp:cakephp:4.3.3
Cakephp » Cakephp » Version: 4.3.4

cpe:2.3:a:cakephp:cakephp:4.3.4
Cakephp » Cakephp » Version: 4.3.5

cpe:2.3:a:cakephp:cakephp:4.3.5
Cakephp » Cakephp » Version: 4.3.6

cpe:2.3:a:cakephp:cakephp:4.3.6
Cakephp » Cakephp » Version: 4.3.7

cpe:2.3:a:cakephp:cakephp:4.3.7
Cakephp » Cakephp » Version: 4.3.8

cpe:2.3:a:cakephp:cakephp:4.3.8
Cakephp » Cakephp » Version: 4.3.9

cpe:2.3:a:cakephp:cakephp:4.3.9
Cakephp » Cakephp » Version: 4.4.0

cpe:2.3:a:cakephp:cakephp:4.4.0
Cakephp » Cakephp » Version: 4.4.1

cpe:2.3:a:cakephp:cakephp:4.4.1
Cakephp » Cakephp » Version: 4.4.2

cpe:2.3:a:cakephp:cakephp:4.4.2
Cakephp » Cakephp » Version: 4.4.3

cpe:2.3:a:cakephp:cakephp:4.4.3
Cakephp » Cakephp » Version: 4.4.4

cpe:2.3:a:cakephp:cakephp:4.4.4
Cakephp » Cakephp » Version: 4.4.5

cpe:2.3:a:cakephp:cakephp:4.4.5
Cakephp » Cakephp » Version: 4.4.6

cpe:2.3:a:cakephp:cakephp:4.4.6
Cakephp » Cakephp » Version: 4.4.7

cpe:2.3:a:cakephp:cakephp:4.4.7
Cakephp » Cakephp » Version: 4.4.8

cpe:2.3:a:cakephp:cakephp:4.4.8
Cakephp » Cakephp » Version: 4.4.9

cpe:2.3:a:cakephp:cakephp:4.4.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-22727

Products

Pricing

Contact Us