3 matches found
CVE-2020-15400
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...
Linux Distros Unpatched Vulnerability : CVE-2020-15400
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS. CVE-2020-15400 Note that Nessus relies on the...
CVE-2020-15400
CakePHP before 4.0.6 mishandles CSRF token generation, potentially allowing remote exploitation in conjunction with XSS. Affected software is CakePHP prior to 4.0.6; the issue is tied to CSRF token handling, not general input validation. Remediation mentioned in public release is to upgrade to Ca...