CakePHP Security Bypass Vulnerability (CNVD-2017-01244)

CakePHP is the United States Cake Software Foundation of a MVC-based architecture , open source Web development framework. The framework has a flexible view caching , automatic generation of CRUD code and other features . A security vulnerability exists in the 'clientIp' function in CakePHP 3.2.4...

Design/Logic Flaw

The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...