295 matches found
Cross-site scripting (XSS) vulnerability in CakePHP
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 "Not Found" error page. NOTE: some of these details are obtained from third party information...
GHSA-J33J-FG2G-MCV2 Cross-Site Request Forgery in CakePHP
CakePHP before 4.0.6 and 3.10.3 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...
Cross-Site Request Forgery in CakePHP
CakePHP before 4.0.6 and 3.10.3 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...
Mageia: Security Advisory (MGASA-2016-0044)
The remote host is missing an update for the...
CVE-2020-35239
A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...
Cross site request forgery (csrf)
A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...
UBUNTU-CVE-2020-35239
A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...
CakePHP Cross-Site Request Forgery Vulnerability
CakePHP is an open source, MVC-based web development framework from the Cake Software Foundation in the United States. The framework offers flexible view caching, automatic generation of CRUD code, and other features. A cross-site request forgery vulnerability exists in CakePHP versions 4.0.x...
CVE-2020-35239
CVE-2020-35239 affects CakePHP 4.0.x–4.1.3. The CsrfProtectionMiddleware allows method override parameters to bypass CSRF checks by changing the HTTP method to an arbitrary string not in the allowed list, and the route middleware does not verify that this overridden method is an actual HTTP metho...
PT-2021-11738 · Cakephp · Cakephp
Name of the Vulnerable Software and Affected Versions: CakePHP versions 4.0.x through 4.1.3 Description: A vulnerability exists in the CsrfProtectionMiddleware component, allowing method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is n...
Vulnerability in CakePHP fixed
The makers of CakePHP have fixed a vulnerability in version 4.0.10. The security fixes address a vulnerability in the CsrfProtectionMiddleware that allowed method override parameters to bypass CSRF checks without additional POST data. CakePHP developers have issued updates to fix the...
CakePHP 4.0.10 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.0.10. This release contains security fixes and is a recommended upgrade for all applications still using 4.0.x. The security fixes address a vulnerability in the CsrfProtectionMiddleware tha...
CakePHP Cross-Site Request Forgery Vulnerability
CakePHP is an open source, MVC-based web development framework from the Cake Software Foundation in the United States. The framework offers flexible view caching, automatic generation of CRUD code, and other features. A security vulnerability exists in CakePHP versions prior to 4.0.6, which...
CVE-2020-15400
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...
DEBIAN-CVE-2020-15400
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...