GHSA-7VW7-QX38-37VR Propel2 SQL injection possible with limit() on MySQL

The limit query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: UserQuery::create-limit'1;DROP TABLE users'-find; This will drop the users table! The cause appears to be a lack of integer casting of the limit input in either...

PT-2024-40161 · Propel · Propel

Name of the Vulnerable Software and Affected Versions: Propel versions 1.x through 3.x Description: The issue arises from the limit query method being susceptible to catastrophic SQL injection when using MySQL. This occurs due to a lack of integer casting of the limit input in either...