CVE-2023-22727 | CRITICAL | Affected: ≥ 4.2.0, < 4.2.12 · ≥ 4.3.0, < 4.3.11 (+1 more) | 2023-01-20
CVE-2023-22727 [CRITICAL] CWE-89 CakePHP Database\Query::offset() and limit() methods are vulnerable to SQL injection
### Impact
The `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed unsanitized user request data.
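
The pattern described above next to a hardened call site, as an added example that is not part of the advisory or of CakePHP itself. `boundedInt()` and `pagingFromQuery()` are hypothetical helpers, and the default of 20 and maximum of 100 rows are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not CakePHP's code. boundedInt() and pagingFromQuery() are
// hypothetical helpers; the limits (default 20, max 100) are assumptions.

function boundedInt($raw, int $default, int $min, int $max): int
{
    // Reject arrays (?limit[]=1), null, bools and floats before parsing.
    if (!is_string($raw) && !is_int($raw)) {
        return $default;
    }
    // FILTER_VALIDATE_INT accepts only a whole integer literal in range;
    // a value with trailing text fails instead of being truncated.
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? $default : $value;
}

/** @param array<string, mixed> $queryParams e.g. $this->request->getQueryParams() */
function pagingFromQuery(array $queryParams): array
{
    return [
        'limit'  => boundedInt($queryParams['limit'] ?? null, 20, 1, 100),
        'offset' => boundedInt($queryParams['offset'] ?? null, 0, 0, PHP_INT_MAX),
    ];
}

// Pattern the advisory warns about (request data reaches the query unchanged):
//   $query->limit($this->request->getQuery('limit'))
//         ->offset($this->request->getQuery('offset'));
// Hardened call site in a controller:
//   $p = pagingFromQuery($this->request->getQueryParams());
//   $query->limit($p['limit'])->offset($p['offset']);

// Constructed sample query strings, parsed the way PHP parses a request.
$samples = ['limit=25&offset=50', 'limit=25abc', 'limit[]=5', 'limit=9999&offset=-1', ''];
foreach ($samples as $qs) {
    parse_str($qs, $params);
    $label = $qs === '' ? '(empty)' : $qs;
    printf("%-24s => %s\n", $label, json_encode(pagingFromQuery($params)));
}
```

Validation of this kind belongs in the application even after upgrading to a fixed release, since it also caps how many rows a single request can ask for.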
### Patches
This issue has been fixed in 4.2.12, 4.3.11, and 4.4.10.
### Workarounds
Using CakePHP's Pagination library will mitiga