A critical security vulnerability has been detected in the CakePHP Framework, which is designed to develop web applications using the PHP programming language.

The vulnerability, identified as CVE-2023-22727, allows remote attackers to perform SQL injection attacks on affected installations. The vulnerability is caused by insufficient cleaning of user-provided inputs.

The vulnerability has been fixed in versions 4.2.12, 4.3.11, and 4.4.10 of CakePHP, and users of vulnerable versions are advised to upgrade immediately. If upgrading is not possible, users can consider using the Pagination library of CakePHP to address the issue.

Critical SQLi Alarm in CakePHP

Perspective of the Month | APT Groups

BellaCiao: The New Malware From Iran’s Charming Kitten

Security News Digest | Security Newsletter | April 27, 2023

Cyber Security Trends in 2023: What You Need to Know

We know what hackers know about you

Solutions

Use Case

Partners

Company