5 matches found
Improper Access Control
cakephp/cakephp is vulnerable to Improper Access Control. The vulnerability exists due to mass assignment issues when multiple POST requests manipulate the same model allowing an attacker to perform cross form submissions to the SecurityComponent...
CakePHP SecurityComponent cross form submission issue
Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...
GHSA-J9Q2-F9Q7-JHGQ CakePHP SecurityComponent cross form submission issue
Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...
SecurityComponent cross form submission issue
More info at https://bakery.cakephp.org/2014/04/29/CakePHP-1-3-18-and-2-4-8-released.html...
SecurityComponent cross form submission issue
More info at https://bakery.cakephp.org/2014/04/29/CakePHP-1-3-18-and-2-4-8-released.html...