Design/Logic Flaw
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...
CVE-2020-15400
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...
UBUNTU-CVE-2020-15400
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...
CVE-2020-15400
CakePHP before 4.0.6 mishandles CSRF token generation, potentially allowing remote exploitation in conjunction with XSS. Affected software is CakePHP prior to 4.0.6; the issue is tied to CSRF token handling, not general input validation. Remediation mentioned in public release is to upgrade to Ca...
CVE-2020-15400
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...
CVE-2020-15400
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...
cakephp.1045679.n5.nabble.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1181935. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Arbitrary File Overwrite
cakephp/cakephp is vulnerable to arbitrary file overwrite. The SmtpTransport module could be used to overwrite arbitrary files on the web server during deserialization of malicious values...
Unsafe deserialization in SmtpTransport in CakePHP
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
GHSA-QHRX-HCM6-PMRW Unsafe deserialization in SmtpTransport in CakePHP
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
CVE-2019-11458
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
CVE-2019-11458
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
CVE-2019-11458
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
Design/Logic Flaw
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
CVE-2019-11458
CVE-2019-11458 affects CakePHP (SmtpTransport) in version 3.7.6 where an unserialized object with modified internal properties can trigger arbitrary file overwriting on destruction. The root cause is unsafe deserialization in SmtpTransport, enabling file overwrite with webserver write access. The...
CVE-2019-11458
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
CVE-2019-11458
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
PT-2019-12320 · Cakephp · Cakephp
Name of the Vulnerable Software and Affected Versions: CakePHP version 3.7.6. Description: An issue in SmtpTransport allows an unserialized object with modified internal properties to trigger arbitrary file overwriting upon destruction. Recommendations: For CakePHP version 3.7.6, consider disablin...
Remote Code Execution (RCE)
cakephp/cakephp is vulnerable to remote code execution (RCE) attacks. The vulnerability occurs due to unsafe serialization of a socket in SmtpTransport.php in a broken state...
CakePHP 3.7.7, 3.6.15 and 3.5.18 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 3.7.7, 3.6.15 and 3.5.18. These releases contain a security-related fix for CVE-2019-11458. The vulnerability affects applications that open serialized content from user inpu...