Sunday 28 April 2013

Security Release - CakePHP 1.2.12, 1.3.16, 2.2.8 and 2.3.4

CakePHP 1.2.12, 1.3.16, 2.2.8 and 2.3.4 have just been released to fix a critical issue with how pagination and PaginatorComponent handle sort criteria. When paginating without a sort column whitelist, it was possible to execute arbitrary SQL by manipulating the sort conditions. In the following days we will offer a full description of the vulnerability and how it can be exploited, after some reas...
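The sort column whitelist mentioned above, sketched in plain PHP as an added example (not CakePHP's code and not the patch shipped in these releases). The function name `buildOrderBy`, the `sort` and `direction` parameter names, the column names and the sample requests are all constructed for illustration.

```php
<?php
// Added illustration: only whitelisted column names ever reach the ORDER BY
// clause. This is not CakePHP code; every name here is hypothetical.

function buildOrderBy(array $query, array $whitelist, string $default): string
{
    // The fallback column must itself be an allowed column.
    if (!in_array($default, $whitelist, true)) {
        throw new InvalidArgumentException('default sort column is not whitelisted');
    }

    $sort = $query['sort'] ?? $default;
    // Reject arrays (?sort[]=x), other non-strings and any unlisted value.
    // The comparison is strict and exact: no trimming, no case folding.
    if (!is_string($sort) || !in_array($sort, $whitelist, true)) {
        $sort = $default;
    }

    // Direction is mapped onto two fixed literals, never copied from input.
    $dir = $query['direction'] ?? 'asc';
    $dir = (is_string($dir) && strtolower($dir) === 'desc') ? 'DESC' : 'ASC';

    // $sort is now one of our own whitelist literals, so it can be quoted
    // and concatenated into the statement.
    return 'ORDER BY `' . $sort . '` ' . $dir;
}

$whitelist = ['title', 'created'];

// Constructed sample requests: two valid, three that must fall back.
$samples = [
    ['sort' => 'title', 'direction' => 'desc'],
    ['sort' => 'created'],
    ['sort' => 'title, (SELECT 1)'],              // expression, not a column
    ['sort' => ['title'], 'direction' => 'desc'], // array instead of string
    ['sort' => 'password', 'direction' => 'up'],  // real-looking but unlisted
];

foreach ($samples as $query) {
    echo json_encode($query), ' => ', buildOrderBy($query, $whitelist, 'created'), "\n";
}
```

Unlisted values fall back to the default column instead of being escaped and passed through, so the set of strings that can appear in the clause is fixed in the code.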
crawled from : Cakephp
