0.032 Low
EPSS
Percentile
91.2%
CakePHP is vulnerable to cross-site request forgery (CSRF) bypass. Attackers can use the _method function to bypass the built-in CSRF security checks.
_method
blog.mindedsecurity.com/2016/01/request-parameter-method-may-lead-to.html
seclists.org/fulldisclosure/2016/Jan/42
bakery.cakephp.org/2015/11/29/cakephp_315_released.html