VulnerableCode Package Details - pkg:composer/cakephp/cakephp@3.1.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/cakephp/cakephp@3.1.2

Essentials
History (7)

purl	pkg:composer/cakephp/cakephp@3.1.2

Next non-vulnerable version	3.10.3
Latest non-vulnerable version	5.3.1
Risk

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-251n-1k53-57dd Aliases: CVE-2015-8379 GHSA-556q-h4vr-pgh2	CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.	3.1.5 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-3cx6-dpsf-xkhw Aliases: CVE-2016-4793 GHSA-j8p3-8m69-2hqq	The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.	3.1.12 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.2.5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-74cw-ufme-5yfh Aliases: CVE-2020-15400 GHSA-j33j-fg2g-mcv2	CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.	3.10.3 Affected by 0 other vulnerabilities. 4.0.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-9fz7-k62h-eydd Aliases: CVE-2019-11458 GHSA-qhrx-hcm6-pmrw	Unsafe deserialization in SmtpTransport in CakePHP	3.5.18 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 3.6.15 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 3.7.7 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-nsq5-7j7c-hbak Aliases: GHSA-p76f-wr22-4rv6 GMS-2023-70	CakePHP vulnerable to Remote File Inclusion through View template name manipulation CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.	3.1.4 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-pjc3-66nj-mqe6 Aliases: GMS-2015-64	PHP Remote File Inclusion Remote File Inclusion through View template name manipulation.	3.1.4 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-yrzx-r3q3-43ej Aliases: GMS-2015-41	Unsafe view template filenames result in a Remote File Inclusion vulnerability.	3.1.4 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T18:44:39.276782+00:00	GitLab Importer	Affected by	VCID-nsq5-7j7c-hbak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-70.yml	38.6.0
2026-06-12T18:12:29.498222+00:00	GitLab Importer	Affected by	VCID-251n-1k53-57dd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2015-8379.yml	38.6.0
2026-06-12T17:22:16.158205+00:00	GitLab Importer	Affected by	VCID-74cw-ufme-5yfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2020-15400.yml	38.6.0
2026-06-12T17:16:06.782608+00:00	GitLab Importer	Affected by	VCID-9fz7-k62h-eydd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2019-11458.yml	38.6.0
2026-06-12T16:52:18.073330+00:00	GitLab Importer	Affected by	VCID-3cx6-dpsf-xkhw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2016-4793.yml	38.6.0
2026-06-12T16:48:57.883402+00:00	GitLab Importer	Affected by	VCID-yrzx-r3q3-43ej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-41.yml	38.6.0
2026-06-12T16:48:57.483950+00:00	GitLab Importer	Affected by	VCID-pjc3-66nj-mqe6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-64.yml	38.6.0