Vulnerabilities (CVE)

Filtered by vendor Cakephp Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4793 1 Cakephp 1 Cakephp 2024-02-04 5.0 MEDIUM 7.5 HIGH
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
CVE-2015-8379 1 Cakephp 1 Cakephp 2024-02-04 6.8 MEDIUM 8.8 HIGH
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.