Impact
The Cake\Database\Query::limit() and Cake\Database\Query::offset() methods are vulnerable to SQL injection if passed un-sanitized user request data.
Patches
This issue has been fixed in 4.2.12, 4.3.11, 4.4.10
Workarounds
Using CakePHP’s Paginati…
[org.jeecgframework.boot:jeecg-module-system] Jeecg-boot is vulnerable to SQL injection
Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. A patch was released in commit 0fc374.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-47105
https://github.com/jeecgboot/jeecg-…
[shopware/platform] Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Impact
In Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows in the template to call any global PHP function.
Patches
The problem has been fixed with 6.4.18.1 wi…
[liftkit/database] SQL Injection in liftkit/database
A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to ad…
[publify_core] Integer overflow in publify_core
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10 due to an unlimited length user name field.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-1812
https://github.com/publify/publify/commit/29a5837c29620e33857d7a5…
[publify_core] Publify Improper Input Validation vulnerability
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0299
https://github.com/publify/publify/commit/ca46da283572b4f8c0b5aa245008756c8a5fd1b1
https://huntr.dev/bounties/004…
[pyload-ng] Code Injection in pyload-ng
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0297
https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d
https://huntr.dev/bounties/3fd606f7-83…
[webbrowser] webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-45299
https://github.com/offalltn/CVE-2022-45299
https://git…
[global-modules-path] global-modules-path Command Injection vulnerability
Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2…
[webpa/webpa] WebPA SQL Injection vulnerability
A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version 3.1.2 can to address this issue. The name of the patch is 8836c4f54…