GSD-2023-22727

Vulnerability from gsd - Updated: 2023-12-13 01:20
Details
CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue.
Aliases
Aliases
CVE-2023-22727
To clipboard 

{
  "GSD": {
    "alias": "CVE-2023-22727",
    "id": "GSD-2023-22727"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-22727"
      ],
      "details": "CakePHP is a development framework for PHP web apps. In affected versions the `Cake\\Database\\Query::limit()` and `Cake\\Database\\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP\u0027s Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue.",
      "id": "GSD-2023-22727",
      "modified": "2023-12-13T01:20:42.906400Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-22727",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "cakephp",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 4.2.0, \u003c 4.2.12"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 4.3.0, \u003c 4.3.11"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 4.4.0, \u003c 4.4.10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "cakephp"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CakePHP is a development framework for PHP web apps. In affected versions the `Cake\\Database\\Query::limit()` and `Cake\\Database\\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP\u0027s Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-89",
                "lang": "eng",
                "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp",
            "refsource": "MISC",
            "url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp"
          },
          {
            "name": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239",
            "refsource": "MISC",
            "url": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239"
          },
          {
            "name": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html",
            "refsource": "MISC",
            "url": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-6g8q-qfpv-57wp",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=4.2.0,\u003c4.2.12||\u003e=4.3.0,\u003c4.3.11||\u003e=4.4.0,\u003c4.4.10",
          "affected_versions": "All versions starting from 4.2.0 before 4.2.12, all versions starting from 4.3.0 before 4.3.11, all versions starting from 4.4.0 before 4.4.10",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-89",
            "CWE-937"
          ],
          "date": "2023-01-25",
          "description": "CakePHP is a development framework for PHP web apps. In affected versions the `Cake\\Database\\Query::limit()` and `Cake\\Database\\Query::offset()` methods is vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP\u0027s Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue.",
          "fixed_versions": [
            "4.2.12",
            "4.3.11",
            "4.4.10"
          ],
          "identifier": "CVE-2023-22727",
          "identifiers": [
            "CVE-2023-22727",
            "GHSA-6g8q-qfpv-57wp"
          ],
          "not_impacted": "All versions before 4.2.0, all versions starting from 4.2.12 before 4.3.0, all versions starting from 4.3.11 before 4.4.0, all versions starting from 4.4.10",
          "package_slug": "packagist/cakephp/cakephp",
          "pubdate": "2023-01-17",
          "solution": "Upgrade to versions 4.2.12, 4.3.11, 4.4.10 or above.",
          "title": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
          "urls": [
            "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-22727",
            "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239",
            "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html",
            "https://github.com/advisories/GHSA-6g8q-qfpv-57wp"
          ],
          "uuid": "b555ce8e-5269-4524-b294-141d84b6852e"
        },
        {
          "affected_range": "\u003e=4.2.0,\u003c4.2.12||\u003e=4.3.0,\u003c4.3.11||\u003e=4.4.0,\u003c4.4.10",
          "affected_versions": "All versions starting from 4.2.0 before 4.2.12, all versions starting from 4.3.0 before 4.3.11, all versions starting from 4.4.0 before 4.4.10",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-89",
            "CWE-937"
          ],
          "date": "2023-01-25",
          "description": "CakePHP is a development framework for PHP web apps. In affected versions the `Cake\\Database\\Query::limit()` and `Cake\\Database\\Query::offset()` methods is vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP\u0027s Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue.",
          "fixed_versions": [
            "4.2.12",
            "4.3.11",
            "4.4.10"
          ],
          "identifier": "CVE-2023-22727",
          "identifiers": [
            "GHSA-6g8q-qfpv-57wp",
            "CVE-2023-22727"
          ],
          "not_impacted": "All versions before 4.2.0, all versions starting from 4.2.12 before 4.3.0, all versions starting from 4.3.11 before 4.4.0, all versions starting from 4.4.10",
          "package_slug": "packagist/cakephp/database",
          "pubdate": "2023-01-20",
          "solution": "Upgrade to versions 4.2.12, 4.3.11, 4.4.10 or above.",
          "title": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
          "urls": [
            "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-22727",
            "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239",
            "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html",
            "https://github.com/advisories/GHSA-6g8q-qfpv-57wp"
          ],
          "uuid": "8be8003f-d0b4-4c69-b58e-c39601deb65d"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.4.10",
                "versionStartIncluding": "4.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.11",
                "versionStartIncluding": "4.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.12",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-22727"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CakePHP is a development framework for PHP web apps. In affected versions the `Cake\\Database\\Query::limit()` and `Cake\\Database\\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP\u0027s Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html"
            },
            {
              "name": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp"
            },
            {
              "name": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-01-25T02:23Z",
      "publishedDate": "2023-01-17T21:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.