A critical security vulnerability has been detected in the CakePHP Framework, which is designed to develop web applications using the PHP programming language.
The vulnerability, identified as CVE-2023-22727, allows remote attackers to perform SQL injection attacks on affected installations. The vulnerability is caused by insufficient cleaning of user-provided inputs.
The vulnerability has been fixed in versions 4.2.12, 4.3.11, and 4.4.10 of CakePHP, and users of vulnerable versions are advised to upgrade immediately. If upgrading is not possible, users can consider using the Pagination library of CakePHP to address the issue.