Tanaka

**Name of the Vulnerable Software and Affected Versions** CakePHP versions prior to 4.2.12 CakePHP versions prior to 4.3.11 CakePHP versions prior to 4.4.10 **Description** The issue concerns SQL injection vulnerability in the `CakeDatabaseQuery::limit()` and `CakeDatabaseQuery::offset()` methods when passed un-sanitized user request data. This can be exploited if these methods receive input directly from user requests without proper validation or sanitization. Users are advised to upgrade to mitigate this issue. For users unable to upgrade, using CakePHP's Pagination library or manually validating and casting parameters to these methods can also mitigate the issue. **Recommendations** For versions prior to 4.2.12, upgrade to version 4.2.12 or later. For versions prior to 4.3.11, upgrade to version 4.3.11 or later. For versions prior to 4.4.10, upgrade to version 4.4.10 or later. As a temporary workaround, consider using CakePHP's Pagination library to mitigate the issue. Manually validating or casting parameters to the `CakeDatabaseQuery::limit()` and `CakeDatabaseQuery::offset()` methods will also mitigate the issue.