Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization.
Advisories for Composer/Usmanhalalit/Pixie package
2019