295 matches found

Github Security Blog
added 2023/01/20 11:23 p.m. · 18 views

CakePHP vulnerable to Denial of Service attack through XML payloads

RequestHandlerComponent had a vulnerability that would allow well-crafted requests to create a denial of service attack. RequestHandlerComponent leverages Xml::build which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML...

AI score 4.5
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/01/20 11:23 p.m. · 21 views

GHSA-Q79M-C546-2G63 CakePHP vulnerable to Denial of Service attack through XML payloads

RequestHandlerComponent had a vulnerability that would allow well-crafted requests to create a denial of service attack. RequestHandlerComponent leverages Xml::build which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML...

AI score 7
Exploits 0 · References 4
Github Security Blog
added 2023/01/20 11:22 p.m. · 14 views

CakePHP SecurityComponent cross form submission issue

Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...

AI score 2.8
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/01/20 11:22 p.m. · 20 views

GHSA-J9Q2-F9Q7-JHGQ CakePHP SecurityComponent cross form submission issue

Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...

AI score 7
Exploits 0 · References 4
OSV
added 2023/01/20 11:02 p.m. · 19 views

GHSA-829Q-V5G8-HHXC CakePHP has incorrect Cross-Site Request Forgery validation

CsrfComponent fails to invalidate requests that are missing both the CSRF token, and CSRF post data...

AI score 7.1
Exploits 0 · References 4
Github Security Blog
added 2023/01/20 11:02 p.m. · 15 views

CakePHP has incorrect Cross-Site Request Forgery validation

CsrfComponent fails to invalidate requests that are missing both the CSRF token, and CSRF post data...

AI score 2.2
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/01/20 5:30 p.m. · 145 views

GHSA-6G8Q-QFPV-57WP CakePHP Database\Query::offset() and limit() methods are vulnerable to SQL injection

Impact: The Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. Patches: This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Workarounds: Using CakePHP's Pagination library will mitigate this issue, as will...

CVSS 9.8 · AI score 9.8 · EPSS 0.0093
Exploits 0 · References 5
Github Security Blog
added 2023/01/20 5:30 p.m. · 39 views

CakePHP Database\Query::offset() and limit() methods are vulnerable to SQL injection

Impact: The Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. Patches: This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Workarounds: Using CakePHP's Pagination library will mitigate this issue, as will...

CVSS 9.8 · AI score 9.8 · EPSS 0.0093
Exploits 0 · References 5 · Affected Software 2
Positive Technologies
added 2023/01/20 12:00 a.m. · 1 view

PT-2023-33075 · Cakephp · Cakephp

Name of the Vulnerable Software and Affected Versions: CakePHP versions 3.4 prior to 3.4.14; CakePHP versions 3.5 prior to 3.5.17; CakePHP versions 3.6 prior to 3.6.4. Description: The issue is a cross-site scripting (XSS) vulnerability found in the development-only missing route and duplicate named...

AI score 6.6
Exploits 0 · References 5
NVD
added 2023/01/17 9:15 p.m. · 7 views

CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

CVSS 9.8 · AI score 9.9 · EPSS 0.0093
Exploits 0 · References 3
OSV
added 2023/01/17 9:15 p.m. · 4 views

DEBIAN-CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

CVSS 9.8 · AI score 7.9 · EPSS 0.0093
Exploits 0 · References 1
OSV
added 2023/01/17 9:15 p.m. · 0 views

UBUNTU-CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

CVSS 9.8 · AI score 5.8 · EPSS 0.0093
Exploits 0 · References 5
Prion
added 2023/01/17 9:15 p.m. · 12 views

SQL injection

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

CVSS 7.5 · AI score 9.8 · EPSS 0.0093
Exploits 0 · References 3 · Affected Software 1
UbuntuCve
added 2023/01/17 9:15 p.m. · 277 views

CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

CVSS 9.8 · AI score 7.1 · EPSS 0.0093
Exploits 0 · References 4
Cvelist
added 2023/01/17 8:41 p.m. · 13 views

CVE-2023-22727 Database Query::offset() and limit() vulnerable to SQL injection in cakephp

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

CVSS 9.8 · AI score 10 · EPSS 0.0093
Exploits 0 · References 3
CVE
added 2023/01/17 8:41 p.m. · 66 views

CVE-2023-22727

Summary of CVE-2023-22727 (CakePHP): CakePHP's core database query methods, Cake\Database\Query::limit() and Cake\Database\Query::offset(), are vulnerable to SQL injection when fed unsanitized user input. This vulnerability affects CakePHP versions prior to the fixes and is addressed in vers...

CVSS 9.8 · AI score 9.9 · EPSS 0.0093
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/01/17 8:41 p.m. · 8 views

CVE-2023-22727 Database Query::offset() and limit() vulnerable to SQL injection in cakephp

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

CVSS 9.8 · AI score 10 · EPSS 0.0093
Exploits 0 · References 3
OSV
added 2023/01/17 8:41 p.m. · 18 views

CVE-2023-22727 Database Query::offset() and limit() vulnerable to SQL injection in cakephp

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

CVSS 9.8 · AI score 9.6 · EPSS 0.0093
Exploits 0 · References 5
Debian CVE
added 2023/01/17 8:41 p.m. · 3 views

CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

CVSS 9.8 · AI score 8.1 · EPSS 0.0093
Exploits 0
CNNVD
added 2023/01/17 12:00 a.m. · 2 views

CakePHP SQL injection vulnerability

CakePHP is an open-source, MVC-based web development framework from the CAKE Foundation (U.S.). The framework offers flexible view caching, automatic generation of CRUD code and other features. CakePHP suffers from an SQL injection vulnerability that stems from the CakeDatabaseQuery::limit...

CVSS 9.8 · AI score 8.5 · EPSS 0.0093
Exploits 0 · References 4