CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Cakephp: >> Cakephp >> 4.2.0 Security Vulnerabilities

CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue.

CVSS Score

9.8

EPSS Score

0.003

Published

2023-01-17

Page 1

Vulnerabilities

Vulnerable Software

Cakephp: >> Cakephp >> 4.2.0 Security Vulnerabilities

Products

Pricing

Contact Us