CakePHP Security Bypass Vulnerability
CakePHP is an open source, MVC-based web development framework from the Cake Software Foundation in the United States. The framework offers flexible view caching, automatic generation of CRUD code, and other features. A security vulnerability exists in CakePHP version 2.x and version 3.x befo...
DEBIAN-CVE-2015-8379
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter...
CVE-2015-8379
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter...
Cross site request forgery (csrf)
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter...
UBUNTU-CVE-2015-8379
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter...
CVE-2015-8379
CakePHP 2.x and 3.x prior to 3.1.5 are vulnerable to CSRF bypass via the _method parameter. The root cause is improper CSRF protection handling for requests using _method. Impact is remote bypass of CSRF protections (no authentication required, network exposure). Affected versions: CakePHP 2.x an...
CakePHP 3.2.0 CSRF Bypass
CakePHP document.forms0.submit - Solution: No official solution is curr...
Remote File Inclusion through View template name manipulation
More info at https://bakery.cakephp.org/2015/11/05/cakephp30153142612276released.html...
CakePHP 3.1.4, 3.0.15, 2.7.6 and 2.6.12 released
CakePHP 3.1.4, 3.0.15, 2.7.6 and 2.6.12 released The CakePHP core team is happy to announce the immediate availability of CakePHP 3.1.4, 3.0.15, 2.7.6, and 2.6.12. These releases contain security fixes. 3.1.4 and 2.7.6 also contain bugfixes. Security Fixes These releases contain fixes for a Remot...
Debian DLA-333-1 : cakephp security update
CakePHP, an open source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. A remote attacker can utilize it for at least DoS (Denial of Service) attacks, if the target application accepts XML as an input. It is caused by insecure design of Cake's Xml class...
[SECURITY] [DLA 333-1] cakephp security update
Package: cakephp. Version: 1.3.2-1.1+deb6u11. CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. A remote attacker can utilize it for at least DoS (Denial of Service) attacks, if the target application accepts XML as an input. It is...
DLA-333-1 cakephp - security update
Bulletin has no description...
CakePHP 3.0.5 XML Class SSRF
Title: CakePHP Xml class SSRF Vulnerability. CVE Number: N/A (not assigned). Affected Software: Confirmed on CakePHP v3.0.5 (prior versions may also be affected). Credit: Takeshi Terada of Mitsui Bussan Secure Directions,...
Bedita 3.5.1 - XSS Vulnerabilities
Exploit for php platform in category web applications. Title: Bedita 3.5.1 XSS vulnerabilities. Application: Bedita. Version: 3.5.1. Software Link: http://www.bedita.com/ Date: 2015-03-09. Author: Sébastien Morin. Contact: https://twitter.com/SebMorin1 Category: Web Applications...
Direct access of prefixed controller actions
More info at https://bakery.cakephp.org/2015/08/06/cakephp2592610272released.html...
CakePHP 2.5.9, 2.6.11 & 2.7.2 Released
CakePHP 2.5.9, 2.6.11 & 2.7.2 Released The CakePHP core team is ready to announce the immediate availability of CakePHP 2.5.9, 2.6.11, and 2.7.2. These releases contain important security updates for applications using prefix routing. Security Issues There are two issues that can impact the...