CVE-2026-23643 (GCVE-0-2026-23643)
Vulnerability from cvelistv5 – Published: 2026-01-16 20:38 – Updated: 2026-01-16 21:21
Title
CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting
Summary
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a reflected cross-site-scripting vulnerability: attacker-controlled query-string parameters are rendered into the page without adequate neutralization (CWE-79). Per the CNA record below, only 5.2.10 through 5.2.11 and 5.3.0 are affected; the issue has been fixed in 5.2.12 and 5.3.1. Exploitation requires a victim to follow a crafted link (CVSS UI:R), and a public proof of concept exists (SSVC Exploitation: poc).
Severity (CVSS v3.1 base score, CNA-assigned)
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner: GitHub_M
References
Impacted products (full CVE record in cvelistv5 JSON follows; affected version ranges are under containers.cna.affected)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23643",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T21:21:32.578620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:21:56.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cakephp",
"vendor": "cakephp",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.2.10, \u003c 5.2.12"
},
{
"status": "affected",
"version": "\u003e= 5.3.0, \u003c 5.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T20:38:45.170Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cakephp/cakephp/security/advisories/GHSA-qh8m-9qxx-53m5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-qh8m-9qxx-53m5"
},
{
"name": "https://github.com/cakephp/cakephp/issues/19172",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/issues/19172"
},
{
"name": "https://github.com/cakephp/cakephp/commit/c842e7f45d85696e6527d8991dd72f525ced955f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/commit/c842e7f45d85696e6527d8991dd72f525ced955f"
},
{
"name": "https://bakery.cakephp.org/2026/01/14/cakephp_5212.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://bakery.cakephp.org/2026/01/14/cakephp_5212.html"
},
{
"name": "https://github.com/cakephp/cakephp/releases/tag/5.2.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/releases/tag/5.2.12"
},
{
"name": "https://github.com/cakephp/cakephp/releases/tag/5.3.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/releases/tag/5.3.1"
}
],
"source": {
"advisory": "GHSA-qh8m-9qxx-53m5",
"discovery": "UNKNOWN"
},
"title": "CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23643",
"datePublished": "2026-01-16T20:38:45.170Z",
"dateReserved": "2026-01-14T16:08:37.483Z",
"dateUpdated": "2026-01-16T21:21:56.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-22727 (GCVE-0-2023-22727)
Vulnerability from cvelistv5 – Published: 2023-01-17 20:41 – Updated: 2025-03-10 21:22
Title
Database Query::offset() and limit() vulnerable to SQL injection in cakephp
Summary
CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed unsanitized user request data (CWE-89). Per the CNA record below, 4.2.0 through 4.2.11, 4.3.0 through 4.3.10, and 4.4.0 through 4.4.9 are affected; this issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library instead of passing request values to these methods directly. Manually validating or casting parameters to these methods (e.g. to integers) before the call will also mitigate the issue. Note that the 9.8 CVSS score reflects the worst case of request data reaching these methods unfiltered; the SSVC assessment below records no known exploitation.
Severity (CVSS v3.1 base score, CNA-assigned)
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner: GitHub_M
References
Impacted products (full CVE record in cvelistv5 JSON follows; affected version ranges are under containers.cna.affected)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:50.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp"
},
{
"name": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239"
},
{
"name": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:59:15.575626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:22:35.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cakephp",
"vendor": "cakephp",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0, \u003c 4.2.12"
},
{
"status": "affected",
"version": "\u003e= 4.3.0, \u003c 4.3.11"
},
{
"status": "affected",
"version": "\u003e= 4.4.0, \u003c 4.4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CakePHP is a development framework for PHP web apps. In affected versions the `Cake\\Database\\Query::limit()` and `Cake\\Database\\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP\u0027s Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T20:41:10.143Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp"
},
{
"name": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239"
},
{
"name": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html"
}
],
"source": {
"advisory": "GHSA-6g8q-qfpv-57wp",
"discovery": "UNKNOWN"
},
"title": "Database Query::offset() and limit() vulnerable to SQL injection in cakephp"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22727",
"datePublished": "2023-01-17T20:41:10.143Z",
"dateReserved": "2023-01-06T14:21:05.890Z",
"dateUpdated": "2025-03-10T21:22:35.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}