FKIE_CVE-2023-22727

Vulnerability from fkie_nvd - Published: 2023-01-17 21:15 - Updated: 2024-11-21 07:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue.
References
security-advisories@github.comhttps://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.htmlRelease Notes, Vendor Advisory
security-advisories@github.comhttps://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wpThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.htmlRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wpThird Party Advisory
Impacted products
Vendor Product Version
cakephp cakephp *
cakephp cakephp *
cakephp cakephp *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54CC7CDF-D3A7-427B-B734-89E0E47778C7",
              "versionEndExcluding": "4.2.12",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09F4E6E5-91F9-4496-88A1-2B9DCC6D9656",
              "versionEndExcluding": "4.3.11",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45326B61-AA4E-4D7C-8B29-ACE4AA9951E5",
              "versionEndExcluding": "4.4.10",
              "versionStartIncluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CakePHP is a development framework for PHP web apps. In affected versions the `Cake\\Database\\Query::limit()` and `Cake\\Database\\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP\u0027s Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue."
    },
    {
      "lang": "es",
      "value": "CakePHP es un framework de desarrollo para aplicaciones web PHP. En las versiones afectadas, los m\u00e9todos `Cake\\Database\\Query::limit()` y `Cake\\Database\\Query::offset()` son vulnerables a la inyecci\u00f3n SQL si se pasan datos de solicitud de usuario sin desinfectar. Este problema se solucion\u00f3 en 4.2.12, 4.3.11, 4.4.10. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden mitigar este problema utilizando la librer\u00eda de paginaci\u00f3n de CakePHP. La validaci\u00f3n manual o la conversi\u00f3n de par\u00e1metros a estos m\u00e9todos tambi\u00e9n mitigar\u00e1 el problema."
    }
  ],
  "id": "CVE-2023-22727",
  "lastModified": "2024-11-21T07:45:18.273",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-17T21:15:16.550",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.