CVE-2023-28883: fix: [security] blind SQL injection in searchAll · cerebrate-project/cerebrate@5f1c99c

Skip to content

• • Actions

    Automate any workflow

  • Packages

    Host and manage packages

  • Security

    Find and fix vulnerabilities

  • Codespaces

    Instant dev environments

  • Copilot

    Write better code with AI

  • Code review

    Manage code changes

  • Issues

    Plan and track work

  • Discussions

    Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog

• • For

  • Enterprise

  • Teams

  • Startups

  • Education

  • By Solution

  • CI/CD & Automation

  • DevOps

  • DevSecOps

  • Case Studies

  • Customer Stories

  • Resources

• • GitHub Sponsors

    Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections

• Pricing

• Notifications

• Fork 14

• Code

• Issues 60

• Pull requests 2

• Actions

• Projects 3

• Wiki

• Security

• Insights

Permalink

Browse files

fix: [security] blind SQL injection in searchAll

- As reported by Zigrin Security

• Loading branch information

Showing 2 changed files with 2 additions and 1 deletion.

• • • InstanceController.php
  • • InstanceTable.php

@@ -38,6 +38,7 @@ public function searchAll()

$searchValue = $this->request->getQuery(‘search’);

$model = $this->request->getQuery('model’, null);

$limit = $this->request->getQuery('limit’, 5);

$limit = is_numeric($limit) ? $limit : 5;

if (!empty($this->request->getQuery('show_all’, false))) {

$limit = null;

}

@@ -81,7 +81,7 @@ public function getStatistics(int $days=30): array

return $statistics;

}

public function searchAll($value, $user, $limit=5, $model=null)

public function searchAll($value, $user, int $limit=5, $model=null)

{

$results = [];

$models = $this->seachAllTables;

0 comments on commit 5f1c99c

Please sign in to comment.