If you are using CakePHP's PaginatorComponent without whitelisted sort fields you should upgrade as soon as possible to prevent possible SQL injections. CakePHP 1.2.12, 1.3.16, 2.2.8 and 2.3.4 have just been released to fix a critical issue with how pagination & PaginatorComponent handle sort criteria. When paginating without a sort column whitelist it was possible to execute arbitrary SQL by mani