CVE-2023-22727

{"id": "CVE-2023-22727", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-01-17T21:15:16.550", "references": [{"url": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "CakePHP is a development framework for PHP web apps. In affected versions the `Cake\\Database\\Query::limit()` and `Cake\\Database\\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue."}, {"lang": "es", "value": "CakePHP es un framework de desarrollo para aplicaciones web PHP. En las versiones afectadas, los m\u00e9todos `Cake\\Database\\Query::limit()` y `Cake\\Database\\Query::offset()` son vulnerables a la inyecci\u00f3n SQL si se pasan datos de solicitud de usuario sin desinfectar. Este problema se solucion\u00f3 en 4.2.12, 4.3.11, 4.4.10. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden mitigar este problema utilizando la librer\u00eda de paginaci\u00f3n de CakePHP. La validaci\u00f3n manual o la conversi\u00f3n de par\u00e1metros a estos m\u00e9todos tambi\u00e9n mitigar\u00e1 el problema."}], "lastModified": "2024-11-21T07:45:18.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54CC7CDF-D3A7-427B-B734-89E0E47778C7", "versionEndExcluding": "4.2.12", "versionStartIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09F4E6E5-91F9-4496-88A1-2B9DCC6D9656", "versionEndExcluding": "4.3.11", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45326B61-AA4E-4D7C-8B29-ACE4AA9951E5", "versionEndExcluding": "4.4.10", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}