Lucene search
+L

313 matches found

github
github
added 2023/01/20 11:22 p.m.17 views

CakePHP SecurityComponent cross form submission issue

Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...

2.8AI score
Exploits0References4Affected Software1
osv
osv
added 2023/01/20 11:22 p.m.21 views

GHSA-J9Q2-F9Q7-JHGQ CakePHP SecurityComponent cross form submission issue

Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...

7AI score
Exploits0References4
github
github
added 2023/01/20 11:2 p.m.18 views

CakePHP has incorrect Cross-Site Request Forgery validation

CsrfComponent fails to invalidate requests that are missing both the CSRF token, and CSRF post data...

2.2AI score
Exploits0References4Affected Software1
osv
osv
added 2023/01/20 11:2 p.m.20 views

GHSA-829Q-V5G8-HHXC CakePHP has incorrect Cross-Site Request Forgery validation

CsrfComponent fails to invalidate requests that are missing both the CSRF token, and CSRF post data...

7.1AI score
Exploits0References4
github
github
added 2023/01/20 5:30 p.m.47 views

CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection

Impact The Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. Patches This issue has been fixed in 4.2.12, 4.3.11, 4.4.10 Workarounds Using CakePHP's Pagination library will mitigate this issue, as will...

9.8CVSS9.8AI score0.00858EPSS
Exploits0References5Affected Software2
osv
osv
added 2023/01/20 5:30 p.m.204 views

GHSA-6G8Q-QFPV-57WP CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection

Impact The Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. Patches This issue has been fixed in 4.2.12, 4.3.11, 4.4.10 Workarounds Using CakePHP's Pagination library will mitigate this issue, as will...

9.8CVSS9.8AI score0.00858EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2023/01/20 12:0 a.m.4 views

PT-2023-33075 · Cakephp · Cakephp

Name of the Vulnerable Software and Affected Versions: CakePHP versions 3.4 prior to 3.4.14 CakePHP versions 3.5 prior to 3.5.17 CakePHP versions 3.6 prior to 3.6.4 Description: The issue is a cross-site-scripting XSS vulnerability found in the development only missing route and duplicate named...

6.6AI score
Exploits0References5
nvd
nvd
added 2023/01/17 9:15 p.m.12 views

CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

9.8CVSS9.9AI score0.00858EPSS
Exploits0References3
osv
osv
added 2023/01/17 9:15 p.m.6 views

DEBIAN-CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

9.8CVSS7.9AI score0.00858EPSS
Exploits0References1
prion
prion
added 2023/01/17 9:15 p.m.15 views

Sql injection

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

7.5CVSS9.8AI score0.00858EPSS
Exploits0References3Affected Software1
osv
osv
added 2023/01/17 9:15 p.m.3 views

UBUNTU-CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

9.8CVSS5.8AI score0.00858EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2023/01/17 9:15 p.m.279 views

CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

9.8CVSS7.1AI score0.00858EPSS
Exploits0References4
cvelist
cvelist
added 2023/01/17 8:41 p.m.18 views

CVE-2023-22727 Database Query::offset() and limit() vulnerable to SQL injection in cakephp

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

9.8CVSS10AI score0.00858EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2023/01/17 8:41 p.m.9 views

CVE-2023-22727 Database Query::offset() and limit() vulnerable to SQL injection in cakephp

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

9.8CVSS10AI score0.00858EPSS
Exploits0References3
debiancve
debiancve
added 2023/01/17 8:41 p.m.5 views

CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

9.8CVSS8.1AI score0.00858EPSS
Exploits0
cve
cve
added 2023/01/17 8:41 p.m.91 views

CVE-2023-22727

Summary of CVE-2023-22727 (CakePHP): CakePHP's core database query methods, Cake\Database\Query::limit() and Cake\Database\Query::offset(), are vulnerable to SQL injection when fed unsanitized user input. This vulnerability affects affected CakePHP versions prior to fixes and is addressed in vers...

9.8CVSS9.9AI score0.00858EPSS
Exploits0References3Affected Software1
osv
osv
added 2023/01/17 8:41 p.m.25 views

CVE-2023-22727 Database Query::offset() and limit() vulnerable to SQL injection in cakephp

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

9.8CVSS9.6AI score0.00858EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2023/01/17 12:0 a.m.4 views

PT-2023-18668 · Cakephp · Cakephp

Name of the Vulnerable Software and Affected Versions: CakePHP versions prior to 4.2.12 CakePHP versions prior to 4.3.11 CakePHP versions prior to 4.4.10 Description: The issue concerns SQL injection vulnerability in the CakeDatabaseQuery::limit and CakeDatabaseQuery::offset methods when passed...

9.8CVSS9.7AI score0.00858EPSS
Exploits0References13
cnnvd
cnnvd
added 2023/01/17 12:0 a.m.5 views

CakePHP SQL注入漏洞

CakePHP is the U.S. CAKE Foundation of a MVC-based architecture , open source Web development framework. The framework has flexible view caching, automatic generation of CRUD code and other features. CakePHP suffers from an SQL injection vulnerability that stems from the CakeDatabaseQuery::limit...

9.8CVSS8.5AI score0.00858EPSS
Exploits0References4
cakephp
cakephp
added 2023/01/06 12:0 a.m.45 views

CakePHP 4.2.11, 4.3.11, and 4.4.10 Released

CakePHP 4.2.11, 4.3.11, and 4.4.10 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 4.2.11, 4.3.11, and 4.4.10. These releases contain a security fix for the limit and offset methods of Cake\Database\Query. If passed unfiltered request data, these methods...

8.2AI score
Exploits0
Rows per page
Query Builder