GHSA-6g8q-qfpv-57wp

Source
https://github.com/advisories/GHSA-6g8q-qfpv-57wp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-6g8q-qfpv-57wp/GHSA-6g8q-qfpv-57wp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6g8q-qfpv-57wp
Aliases
Published
2023-01-20T17:30:20Z
Modified
2023-11-08T04:11:37.692699Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
CakePHP Database\Query::offset() and limit() methods are vulnerable to SQL injection
Details

Impact

The Cake\Database\Query::limit() and Cake\Database\Query::offset() methods are vulnerable to SQL injection if passed unsanitized user request data.

Patches

This issue has been fixed in 4.2.12, 4.3.11 and 4.4.10.

Workarounds

Using CakePHP's Pagination library will mitigate this issue, as will validating or casting parameters to these methods.
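
As an added illustration (not code from the advisory or from CakePHP itself), the unsafe pattern the Impact section describes is shown beside a hardened form that applies the casting workaround; ArticlesController, the Articles table and the query-string parameter names are assumptions.

```php
<?php
// Added example, not part of the advisory or the CakePHP project.
// Assumes CakePHP 4.x conventions; ArticlesController, the Articles
// table and the `limit`/`offset` query parameters are hypothetical.
declare(strict_types=1);

namespace App\Controller;

class ArticlesController extends AppController
{
    // Unsafe on cakephp/database before 4.2.12 / 4.3.11 / 4.4.10:
    // raw request values reach limit()/offset() without validation.
    public function indexUnsafe()
    {
        $query = $this->Articles->find()
            ->limit($this->request->getQuery('limit'))
            ->offset($this->request->getQuery('offset'));
        $this->set('articles', $query->all());
    }

    // Hardened form: cast to int and clamp to a sane range before the
    // values reach the query builder. This is the "validating or casting"
    // workaround from the advisory and remains good practice once patched.
    public function index()
    {
        $limit = self::nonNegativeInt($this->request->getQuery('limit'), 20, 100);
        $offset = self::nonNegativeInt($this->request->getQuery('offset'), 0, PHP_INT_MAX);

        $query = $this->Articles->find()->limit($limit)->offset($offset);
        $this->set('articles', $query->all());
    }

    // Cast an untrusted scalar to a non-negative integer: fall back to
    // $default when it is missing, an array, or not a plain integer string,
    // and cap it at $max. FILTER_VALIDATE_INT rejects non-numeric input
    // outright instead of silently truncating it the way (int) would.
    private static function nonNegativeInt($raw, int $default, int $max): int
    {
        $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($value === false) {
            return $default;
        }
        return min($value, $max);
    }
}
```

Routing `limit` through the Paginator (`$this->paginate($this->Articles)`) instead of calling `limit()`/`offset()` directly achieves the same effect, since the Paginator casts and bounds these values itself.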

References

https://bakery.cakephp.org/2023/01/06/cakephp421143114410released.html

Database specific
{
    "nvd_published_at": "2023-01-17T21:15:00Z",
    "github_reviewed_at": "2023-01-20T17:30:20Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-89"
    ]
}
Affected packages

Packagist / cakephp/cakephp

Package

Name
cakephp/cakephp
Purl
pkg:composer/cakephp/cakephp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.2.0
Fixed
4.2.12

Affected versions

4.*

4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.2.10
4.2.11

Packagist / cakephp/cakephp

Package

Name
cakephp/cakephp
Purl
pkg:composer/cakephp/cakephp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.11

Affected versions

4.*

4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10

Packagist / cakephp/cakephp

Package

Name
cakephp/cakephp
Purl
pkg:composer/cakephp/cakephp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.10

Affected versions

4.*

4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.4.9

Packagist / cakephp/database

Package

Name
cakephp/database
Purl
pkg:composer/cakephp/database

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.2.0
Fixed
4.2.12

Affected versions

4.*

4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.2.10
4.2.11

Packagist / cakephp/database

Package

Name
cakephp/database
Purl
pkg:composer/cakephp/database

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.11

Affected versions

4.*

4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10

Packagist / cakephp/database

Package

Name
cakephp/database
Purl
pkg:composer/cakephp/database

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.10

Affected versions

4.*

4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.4.9