4 matches found
EUVD-2019-0800
Malware in sbrugna...
Debian DLA-835-1 : cakephp security update
Dawid Golunski from legalhackers.com discovered that cakephp, an application development framework for PHP, contains a vulnerability that allows attackers to spoof the source IP address. This would allow them to bypass access control lists or inject malicious data which, if treated as...
MGASA-2016-0044 Updated cakephp package fixes security vulnerability
CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. A remote attacker can use it for at least DoS (Denial of Service) attacks if the target application accepts XML as input. It is caused by the insecure design of Cake's Xml class...
Remote File Inclusion through View template name manipulation
More info at https://bakery.cakephp.org/2015/11/05/cakephp30153142612276released.html...