Описание
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cakephp | not-affected | package |
Примечания
https://github.com/cakephp/cakephp/security/advisories/GHSA-qh8m-9qxx-53m5
https://github.com/cakephp/cakephp/issues/19172
Introduced by: https://github.com/cakephp/cakephp/commit/87b366cb714f6872e5609a9749ccbfd529886c1b (5.2.10)
Fixed by: https://github.com/cakephp/cakephp/commit/c842e7f45d85696e6527d8991dd72f525ced955f (5.3.1)
Связанные уязвимости
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1.
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1.
CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting