The CakePHP core developer team has announced the immediate availability of CakePHP 4.4.10, a release that includes security fixes.
CakePHP is an open-source web framework written in PHP. It follows the model–view–controller (MVC) software architectural pattern, and is used for developing web applications.
This release contains a security fix for the limit() and offset() methods of Cake\Database\Query. If unfiltered request data is passed to these methods, they would allow SQL injection. An application is vulnerable if it does not use CakePHP's Pagination wrappers and passes request data directly into one of these methods.
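One way to keep request data from reaching limit() and offset() unfiltered, as an added example that is not from the CakePHP project or the original article. The helper pagingInt(), its bounds, the $articles table object in the comment and the sample request values are all hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not CakePHP code: pagingInt() and its bounds are hypothetical.
// It coerces an untrusted request value to a bounded integer, or a default.
function pagingInt($raw, int $default, int $min, int $max): int
{
    // Arrays (?limit[]=1) and other non-scalar input are never valid here.
    if (!is_string($raw) && !is_int($raw)) {
        return $default;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    // filter_var() returns false unless $raw is a plain integer within range.
    return $value === false ? $default : $value;
}

// Constructed query-string data, as $this->request->getQuery() would return it.
$requests = [
    ['limit' => '25', 'offset' => '50'],
    ['limit' => '10 trailing sql text', 'offset' => '-1'],
    ['limit' => ['1'], 'offset' => '1e3'],
    ['limit' => '5000'],
];

foreach ($requests as $query) {
    $limit = pagingInt($query['limit'] ?? null, 20, 1, 100);
    $offset = pagingInt($query['offset'] ?? null, 0, 0, 1000000);
    // Only these integers would be handed to the query builder
    // ($articles is a hypothetical table object):
    //   $articles->find()->limit($limit)->offset($offset);
    printf("limit=%d offset=%d\n", $limit, $offset);
}
```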
For the full list of bug fixes, you can check the changelog to review every commit.
You can head over to the releases page to download a copy of the CakePHP 4.4.10 release source code.