CVE-2015-8379
CakePHP 2.x and 3.x prior to 3.1.5 are vulnerable to CSRF bypass via the _method parameter. The root cause is improper CSRF protection handling for requests using _method. Impact is remote bypass of CSRF protections (no authentication required, network exposure). Affected versions: CakePHP 2.x an...