RSS   Vulnerabilities for 'Cakephp'   RSS

2017-01-23
 
CVE-2016-4793

CWE-20
 
 
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.

 
2016-01-26
 
CVE-2015-8379

CWE-352
 
 
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.

 

Copyright 2024, cxsecurity.com

 

Back to Top