GHSA-7VW7-QX38-37VR Propel2 SQL injection possible with limit() on MySQL
The limit query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: UserQuery::create-limit'1;DROP TABLE users'-find; This will drop the users table! The cause appears to be a lack of integer casting of the limit input in either...