Lucene search

Cakephp Security Vulnerabilities

cve

CVE-2015-8379

CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.

8.8CVSS

8.6AI Score

0.032EPSS

2016-01-26 07:59 PM

cve

CVE-2016-4793

The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.

7.5CVSS

7.3AI Score

0.058EPSS

2017-01-23 09:59 PM

cve

CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit() and Cake\Database\Query::offset() methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to up...

9.8CVSS

9.8AI Score

0.002EPSS

2023-01-17 09:15 PM