PT-2024-40171 · Propel · Propel

Published: 2024-05-20 · Updated: 2024-05-20

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Propel versions 1.x through 3.x
Description: The limit() query method in Propel is susceptible to catastrophic SQL injection when used with MySQL. The cause is a lack of integer casting of the limit value in both Propel\Runtime\ActiveQuery\Criteria::setLimit() and Propel\Runtime\Adapter\Pdo\MysqlAdapter::applyLimit(): the value is placed into the generated SQL as-is, so attacker-controlled input reaching limit() allows arbitrary SQL statements to be executed, potentially with severe consequences such as dropping tables. For instance, a query like UserQuery::create()->limit('1;DROP TABLE users')->find(); could result in the users table being dropped. This behavior is unexpected, since one of the primary purposes of an Object-Relational Mapping (ORM) system like Propel is to prevent basic SQL injection attacks.
Recommendations: For all affected versions of Propel (1.x through 3.x), consider disabling the limit() query method until a patch is available, to prevent SQL injection attacks. Restrict access to sensitive database operations to minimize the risk of exploitation. Never pass user-controlled data directly to the limit() method; validate it and cast it to an integer first so that no SQL text can be injected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
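As an added illustration (not Propel's own code), a constructed MySQL-style applyLimit() that interpolates the limit value unchanged, which is the defect the advisory describes, beside a hardened variant that validates and casts it. The function names and SQL are assumptions; only the '1;DROP TABLE users' input comes from the advisory's example.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a vulnerable adapter applyLimit(): whatever is
// passed as $limit is concatenated straight into the SQL text.
function applyLimitUnsafe(string $sql, $offset, $limit): string
{
    if ($limit !== 0 && $limit !== '') {
        $sql .= ' LIMIT ' . ($offset ? "$offset, " : '') . $limit;
    }
    return $sql;
}

// Hardened variant: only integers, or strings consisting solely of digits,
// are accepted, and both values are cast to int before touching the SQL.
function applyLimitSafe(string $sql, $offset, $limit): string
{
    foreach (['offset' => $offset, 'limit' => $limit] as $name => $value) {
        if (!is_int($value) && !(is_string($value) && ctype_digit($value))) {
            throw new InvalidArgumentException("$name must be a non-negative integer");
        }
    }
    $offset = (int) $offset;
    $limit  = (int) $limit;
    if ($limit > 0) {
        $sql .= ' LIMIT ' . ($offset > 0 ? "$offset, " : '') . $limit;
    }
    return $sql;
}

$base    = 'SELECT * FROM users';
$payload = '1;DROP TABLE users';   // the input from the advisory's example

// The unsafe version lets the payload through, producing two statements
// in one string; a driver that allows multi-statement execution would run both.
echo applyLimitUnsafe($base, 0, $payload), PHP_EOL;

// The hardened version refuses the same input before any SQL is built...
try {
    echo applyLimitSafe($base, 0, $payload), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// ...and still accepts well-formed numeric input, as a string or an int.
echo applyLimitSafe($base, 10, '5'), PHP_EOL;
```

Run it with the PHP CLI; the first line printed shows the payload embedded in the query, the second shows the rejection, and the third a normal LIMIT clause.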

SQL injection

Weakness Enumeration

Related Identifiers

GHSA-7VW7-QX38-37VR

Affected Products

Propel