=====================================================================
CERT-Renater Information Note No. 2023/VULN012
_____________________________________________________________________
DATE                 : 19/01/2023
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running cakephp versions prior to 4.2.12, 4.3.11, 4.4.10.
=====================================================================

https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp
_____________________________________________________________________

Database\Query::offset() and limit() vulnerable to SQL injection
Moderate
markstory published GHSA-6g8q-qfpv-57wp

Package
  cakephp/cakephp (Composer)

Affected versions
  >=4.2.0, <4.2.12
  >=4.3.0, <4.3.11
  >=4.4.0, <4.4.10

Patched versions
  4.2.12
  4.3.11
  4.4.10

Description

Impact
The Cake\Database\Query::limit() and Cake\Database\Query::offset() methods are vulnerable to SQL injection if passed unsanitized user request data.

Patches
This issue has been fixed in 4.2.12, 4.3.11, 4.4.10.

Workarounds
Using CakePHP's Pagination library will mitigate this issue, as will validating or casting parameters to these methods.

References
https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html

Severity
Moderate

CVE ID
CVE-2023-22727

Weaknesses
CWE-89

=========================================================
+ CERT-RENATER         | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel     | fax : 01-53-94-20-41            +
+ 75013 Paris          | email: cert@support.renater.fr  +
=========================================================
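The workaround the advisory recommends (validate or cast request parameters before they reach limit()/offset()) in a CakePHP 4.x controller, as an added example that is not part of the advisory or of CakePHP itself; the Articles table, the DEFAULT_LIMIT/MAX_LIMIT values and the helper name clampPageParam() are assumptions.

```php
<?php
declare(strict_types=1);
namespace App\Controller;

use Cake\Http\Exception\BadRequestException;

// Added example, not the advisory's or CakePHP's own code. Assumes a CakePHP 4.x
// app with an Articles table; clampPageParam() is a hypothetical helper name.
class ArticlesController extends AppController
{
    private const DEFAULT_LIMIT = 20;
    private const MAX_LIMIT = 100;

    /**
     * Validate a user-supplied pagination value before it reaches
     * Query::limit()/offset(): accept only an int or digit string in
     * [0, $max], reject anything else with a 400, and return a real int
     * so the query builder never sees a raw request string.
     */
    private function clampPageParam($raw, int $default, int $max): int
    {
        if ($raw === null || $raw === '') {
            return $default;
        }
        if (!is_string($raw) && !is_int($raw)) {
            throw new BadRequestException('Invalid pagination parameter.'); // e.g. ?limit[]=1
        }
        $value = filter_var($raw, FILTER_VALIDATE_INT, [
            'options' => ['min_range' => 0, 'max_range' => $max],
        ]);
        if ($value === false) {
            throw new BadRequestException('Invalid pagination parameter.');
        }
        return $value;
    }

    public function index(): void
    {
        // Risky pattern on affected versions: request values flow unchanged into
        // limit()/offset(), the injection point the advisory describes:
        //   $query->limit($this->request->getQuery('limit'))->offset($this->request->getQuery('offset'));
        // Hardened: validate and cast first, as the advisory's workaround recommends.
        $limit = $this->clampPageParam($this->request->getQuery('limit'), self::DEFAULT_LIMIT, self::MAX_LIMIT);
        $offset = $this->clampPageParam($this->request->getQuery('offset'), 0, PHP_INT_MAX);

        $query = $this->Articles->find()->limit($limit)->offset($offset);
        $this->set('articles', $query->all());
    }
}
```

Upgrading to a patched release remains the primary fix; the cast is defence in depth that also bounds page sizes.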