Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/cakephp/cakephp@3.1.4
purl pkg:composer/cakephp/cakephp@3.1.4
Next non-vulnerable version 3.10.3
Latest non-vulnerable version 5.3.1
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-2ggf-ncwr-tkea
Aliases:
CVE-2019-11458
GHSA-qhrx-hcm6-pmrw
3.5.18
Affected by 1 other vulnerability.
3.6.15
Affected by 1 other vulnerability.
3.7.7
Affected by 1 other vulnerability.
VCID-e42e-y1zv-4yem
Aliases:
CVE-2016-4793
GHSA-j8p3-8m69-2hqq
Improper Input Validation The `clientIp` function in CakePHP allows remote attackers to spoof their IP via the `CLIENT-IP` HTTP header.
3.1.12
Affected by 3 other vulnerabilities.
3.2.5
Affected by 2 other vulnerabilities.
VCID-efhb-ed55-3fdy
Aliases:
CVE-2020-15400
GHSA-j33j-fg2g-mcv2
3.10.3
Affected by 0 other vulnerabilities.
4.0.6
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-k87k-gfb3-vbab Unsafe view template filenames result in a Remote File Inclusion vulnerability. GMS-2015-41
VCID-tvvp-39ps-sqab CakePHP vulnerable to Remote File Inclusion through View template name manipulation CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation. GHSA-p76f-wr22-4rv6
GMS-2023-70
VCID-tyh8-9qqj-tfdt PHP Remote File Inclusion Remote File Inclusion through View template name manipulation. GMS-2015-64

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T05:49:13.300505+00:00 GitLab Importer Affected by VCID-efhb-ed55-3fdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2020-15400.yml 38.6.0
2026-05-31T21:34:58.173520+00:00 GHSA Importer Fixing VCID-tvvp-39ps-sqab https://github.com/advisories/GHSA-p76f-wr22-4rv6 38.6.0
2026-05-31T11:05:40.883508+00:00 GithubOSV Importer Fixing VCID-tvvp-39ps-sqab https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-p76f-wr22-4rv6/GHSA-p76f-wr22-4rv6.json 38.6.0
2026-05-31T10:01:03.176149+00:00 GitLab Importer Affected by VCID-2ggf-ncwr-tkea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2019-11458.yml 38.6.0
2026-05-31T09:37:45.538941+00:00 GitLab Importer Affected by VCID-e42e-y1zv-4yem https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2016-4793.yml 38.6.0
2026-05-30T20:59:32.475830+00:00 GitLab Importer Fixing VCID-tvvp-39ps-sqab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-70.yml 38.6.0
2026-05-30T20:52:18.392366+00:00 GitLab Importer Fixing VCID-k87k-gfb3-vbab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-41.yml 38.6.0
2026-05-30T20:52:18.312715+00:00 GitLab Importer Fixing VCID-tyh8-9qqj-tfdt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-64.yml 38.6.0