SQL injection in pagekit/pagekit

Pagekit is a modular and lightweight CMS built with Symfony components and Vue.js. The configAction in SettingsController allow user to set the order of comments listing. The allowed options are ASC and DESC. That config then get concatenated directly to the SQL query. Due to the fact that there wasnt any sanitizion before saving that config, it can lead to the SQL Injection vulnerability.