313 matches found
CakePHP SecurityComponent cross form submission issue
Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...
GHSA-J9Q2-F9Q7-JHGQ CakePHP SecurityComponent cross form submission issue
Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...
CakePHP has incorrect Cross-Site Request Forgery validation
CsrfComponent fails to invalidate requests that are missing both the CSRF token, and CSRF post data...
GHSA-829Q-V5G8-HHXC CakePHP has incorrect Cross-Site Request Forgery validation
CsrfComponent fails to invalidate requests that are missing both the CSRF token, and CSRF post data...
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Impact The Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. Patches This issue has been fixed in 4.2.12, 4.3.11, 4.4.10 Workarounds Using CakePHP's Pagination library will mitigate this issue, as will...
GHSA-6G8Q-QFPV-57WP CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Impact The Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. Patches This issue has been fixed in 4.2.12, 4.3.11, 4.4.10 Workarounds Using CakePHP's Pagination library will mitigate this issue, as will...
PT-2023-33075 · Cakephp · Cakephp
Name of the Vulnerable Software and Affected Versions: CakePHP versions 3.4 prior to 3.4.14 CakePHP versions 3.5 prior to 3.5.17 CakePHP versions 3.6 prior to 3.6.4 Description: The issue is a cross-site-scripting XSS vulnerability found in the development only missing route and duplicate named...
CVE-2023-22727
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
DEBIAN-CVE-2023-22727
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
Sql injection
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
UBUNTU-CVE-2023-22727
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
CVE-2023-22727
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
CVE-2023-22727 Database Query::offset() and limit() vulnerable to SQL injection in cakephp
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
CVE-2023-22727 Database Query::offset() and limit() vulnerable to SQL injection in cakephp
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
CVE-2023-22727
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
CVE-2023-22727
Summary of CVE-2023-22727 (CakePHP): CakePHP's core database query methods, Cake\Database\Query::limit() and Cake\Database\Query::offset(), are vulnerable to SQL injection when fed unsanitized user input. This vulnerability affects affected CakePHP versions prior to fixes and is addressed in vers...
CVE-2023-22727 Database Query::offset() and limit() vulnerable to SQL injection in cakephp
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
PT-2023-18668 · Cakephp · Cakephp
Name of the Vulnerable Software and Affected Versions: CakePHP versions prior to 4.2.12 CakePHP versions prior to 4.3.11 CakePHP versions prior to 4.4.10 Description: The issue concerns SQL injection vulnerability in the CakeDatabaseQuery::limit and CakeDatabaseQuery::offset methods when passed...
CakePHP SQL注入漏洞
CakePHP is the U.S. CAKE Foundation of a MVC-based architecture , open source Web development framework. The framework has flexible view caching, automatic generation of CRUD code and other features. CakePHP suffers from an SQL injection vulnerability that stems from the CakeDatabaseQuery::limit...
CakePHP 4.2.11, 4.3.11, and 4.4.10 Released
CakePHP 4.2.11, 4.3.11, and 4.4.10 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 4.2.11, 4.3.11, and 4.4.10. These releases contain a security fix for the limit and offset methods of Cake\Database\Query. If passed unfiltered request data, these methods...