CVE-2016-4793
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...
CVE-2016-4793
The CVE-2016-4793 issue affects CakePHP up to version 3.2.4, where the clientIp function can be coerced to accept spoofed IPs via the CLIENT-IP HTTP header. This enables remote IP spoofing and may bypass IP-based access controls and enable injection-like issues as described in linked advisories. ...