Potential SQL Injection with limit() CVE-2011-0448 Posted on 10 February 2011 by kosmas Security announcement about potential SQL injection with limit(). Full details here. Versions affected 3.0.0 to 3.0.3.