295 matches found
DEBIAN-CVE-2016-4793
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...
Design/Logic Flaw
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...
CVE-2016-4793
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...
UBUNTU-CVE-2016-4793
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...
CVE-2016-4793
The CVE-2016-4793 issue affects CakePHP up to version 3.2.4, where the clientIp function can be coerced to accept spoofed IPs via the CLIENT-IP HTTP header. This enables remote IP spoofing and may bypass IP-based access controls and enable injection-like issues as described in linked advisories. ...
CVE-2016-4793
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...
CVE-2016-4793
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...
Multiple Security Bypass Vulnerabilities in CakePHP
CakePHP is an open source, MVC-based web development framework from the Cake Software Foundation in the United States. The framework offers flexible view caching, automatic generation of CRUD code, and other features. CakePHP has multiple security bypass vulnerabilities that can be exploited ...
Debian DLA-566-1 : cakephp security update
CakePHP, an open source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. A remote attacker can use it for at least DoS (Denial of Service) attacks if the target application accepts XML as input. It is caused by the insecure design of Cake's Xml class...
[SECURITY] [DLA 566-1] cakephp security update
Package: cakephp. Version: 1.3.15-1+deb7u1. Debian Bug: 832283. CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. A remote attacker can use it for at least DoS (Denial of Service) attacks if the target application accepts XML a...
DLA-566-1 cakephp - security update
Bulletin has no description...
CakePHP Framework 3.2.4 - IP Spoofing
Release date: 12.05.2016. Discovered by: Dawid Golunski. Severity: Medium. I. VULNERABILITY: CakePHP Framework <= 3.2.4 IP Spoofing...
CakePHP Framework 3.2.4 - IP Spoofing
Exploit for php platform in category web applications. Release date: 12.05.2016. Discovered by: Dawid Golunski. Severity: Medium. I. VULNERABILITY: CakePHP Framework <= 3.2.4 IP...
CakePHP Framework 3.2.4 - IP Spoofing
Release date: 12.05.2016. Discovered by: Dawid Golunski. Severity: Medium. I. VULNERABILITY: CakePHP Framework <= 3.2.4 IP Spoofing Vulnerability 3.1.11 2.8.1 2.7.10 2.6.12 II...
CakePHP Framework 3.2.4 IP Spoofing
http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt Release date: 12.05.2016. Discovered by: Dawid Golunski. Severity: Medium. I. VULNERABILITY: CakePHP...
CakePHP 2.8.3, 3.0.18, 3.1.13 and 3.2.6 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 2.8.3, 3.0.18, 3.1.13, and 3.2.6. These releases contain security fixes. 3.2.6 and 2.8.3 also contain bugfixes. Security Fixes: These releases fix a weakness in...
CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5. These releases contain security fixes. 3.2.5 and 2.8.2 also contain bugfixes. Security Fixes: These...
CakePHP 3.0.16, 3.1.11, and 3.2.3 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 3.0.16, 3.1.11, and 3.2.3. These releases contain security fixes. 3.2.3 also contains bugfixes. Security Fixes: An issue in PaginatorHelper has been fixed that would allo...
MGASA-2016-0044 Updated cakephp package fixes security vulnerability
CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. A remote attacker can use it for at least DoS (Denial of Service) attacks if the target application accepts XML as input. It is caused by the insecure design of Cake's Xml class...
Updated cakephp package fixes security vulnerability
CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. A remote attacker can use it for at least DoS (Denial of Service) attacks if the target application accepts XML as input. It is caused by the insecure design of Cake's Xml class...