Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/cakephp/cakephp@2.6.9

Type composer

Namespace cakephp

Name cakephp

Version 2.6.9

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.10.3

Latest_non_vulnerable_version 5.3.1

Affected_by_vulnerabilities

url VCID-251n-1k53-57dd

vulnerability_id VCID-251n-1k53-57dd

summary CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.

references

reference_url

http://bakery.cakephp.org/2015/11/29/cakephp_315_released.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://bakery.cakephp.org/2015/11/29/cakephp_315_released.html

reference_url

http://blog.mindedsecurity.com/2016/01/request-parameter-method-may-lead-to.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.mindedsecurity.com/2016/01/request-parameter-method-may-lead-to.html

reference_url

http://karmainsecurity.com/KIS-2016-01

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://karmainsecurity.com/KIS-2016-01

reference_url

http://packetstormsecurity.com/files/135301/CakePHP-3.2.0-CSRF-Bypass.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/135301/CakePHP-3.2.0-CSRF-Bypass.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8379

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.19312
published_at	2026-06-14T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19316
published_at	2026-06-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19335
published_at	2026-06-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19146
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8379

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8379
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8379

reference_url

http://seclists.org/fulldisclosure/2016/Jan/42

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2016/Jan/42

reference_url

https://github.com/cakephp/cakephp

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp

reference_url

https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8379

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8379

reference_url

http://www.securityfocus.com/archive/1/537317/100/0/threaded

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/archive/1/537317/100/0/threaded

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832316
reference_id	832316
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832316

reference_url

https://github.com/advisories/GHSA-556q-h4vr-pgh2

reference_id

GHSA-556q-h4vr-pgh2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-556q-h4vr-pgh2

fixed_packages

url pkg:composer/cakephp/cakephp@3.1.5

purl pkg:composer/cakephp/cakephp@3.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-9fz7-k62h-eydd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.5

aliases CVE-2015-8379, GHSA-556q-h4vr-pgh2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-251n-1k53-57dd

url VCID-3cx6-dpsf-xkhw

vulnerability_id VCID-3cx6-dpsf-xkhw

summary The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4793

reference_id

reference_type

scores

value	0.08275
scoring_system	epss
scoring_elements	0.92426
published_at	2026-06-11T12:55:00Z

value	0.08275
scoring_system	epss
scoring_elements	0.92452
published_at	2026-06-12T12:55:00Z

value	0.08275
scoring_system	epss
scoring_elements	0.92455
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4793

reference_url

https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4793

reference_url

https://github.com/cakephp/cakephp

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp

reference_url

https://github.com/cakephp/cakephp/commit/908754649f70bab2b1093942e17c9a46a2fcf6c2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/commit/908754649f70bab2b1093942e17c9a46a2fcf6c2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4793

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4793

reference_url

https://support.citrix.com/article/CTX236992

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.citrix.com/article/CTX236992

reference_url

https://www.exploit-db.com/exploits/39813

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/39813

reference_url	https://www.exploit-db.com/exploits/39813/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/39813/

reference_url

http://www.securityfocus.com/bid/95846

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95846

reference_url

http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt

reference_id

CVE-2016-4793

reference_type

exploit

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/39813.txt
reference_id	CVE-2016-4793
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/39813.txt

reference_url

https://github.com/advisories/GHSA-j8p3-8m69-2hqq

reference_id

GHSA-j8p3-8m69-2hqq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j8p3-8m69-2hqq

fixed_packages

url pkg:composer/cakephp/cakephp@2.6.13

purl pkg:composer/cakephp/cakephp@2.6.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.13

url pkg:composer/cakephp/cakephp@2.7.11

purl pkg:composer/cakephp/cakephp@2.7.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.11

url pkg:composer/cakephp/cakephp@2.8.2

purl pkg:composer/cakephp/cakephp@2.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.8.2

url pkg:composer/cakephp/cakephp@3.0.17

purl pkg:composer/cakephp/cakephp@3.0.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-9fz7-k62h-eydd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.17

url pkg:composer/cakephp/cakephp@3.1.12

purl pkg:composer/cakephp/cakephp@3.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-9fz7-k62h-eydd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.12

url pkg:composer/cakephp/cakephp@3.2.5

purl pkg:composer/cakephp/cakephp@3.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-9fz7-k62h-eydd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.2.5

aliases CVE-2016-4793, GHSA-j8p3-8m69-2hqq

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3cx6-dpsf-xkhw

url VCID-74cw-ufme-5yfh

vulnerability_id VCID-74cw-ufme-5yfh

summary CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15400

reference_id

reference_type

scores

value	0.00085
scoring_system	epss
scoring_elements	0.24844
published_at	2026-06-12T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24645
published_at	2026-06-11T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.2484
published_at	2026-06-14T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24857
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15400

reference_url

https://bakery.cakephp.org/2020/04/18/cakephp_406_released.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bakery.cakephp.org/2020/04/18/cakephp_406_released.html

reference_url

https://bakery.cakephp.org/2022/05/08/cakephp_3103_released.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bakery.cakephp.org/2022/05/08/cakephp_3103_released.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15400

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985673
reference_id	985673
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985673

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15400

reference_id

CVE-2020-15400

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15400

reference_url

https://github.com/advisories/GHSA-j33j-fg2g-mcv2

reference_id

GHSA-j33j-fg2g-mcv2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j33j-fg2g-mcv2

fixed_packages

url	pkg:composer/cakephp/cakephp@3.10.3
purl	pkg:composer/cakephp/cakephp@3.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.10.3

url pkg:composer/cakephp/cakephp@4.0.6

purl pkg:composer/cakephp/cakephp@4.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-73dy-kaf3-5bed

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@4.0.6

aliases CVE-2020-15400, GHSA-j33j-fg2g-mcv2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-74cw-ufme-5yfh

url VCID-nsq5-7j7c-hbak

vulnerability_id VCID-nsq5-7j7c-hbak

summary

CakePHP vulnerable to Remote File Inclusion through View template name manipulation
CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.

references

reference_url

https://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html

reference_url

https://github.com/cakephp/cakephp

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp

reference_url

https://github.com/cakephp/cakephp/commit/5e60cc5d182e6131e3fbdfdf69f49d560c9ff78b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/commit/5e60cc5d182e6131e3fbdfdf69f49d560c9ff78b

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-11-05.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-11-05.yaml

reference_url

https://github.com/advisories/GHSA-p76f-wr22-4rv6

reference_id

GHSA-p76f-wr22-4rv6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p76f-wr22-4rv6

fixed_packages

url pkg:composer/cakephp/cakephp@2.6.12

purl pkg:composer/cakephp/cakephp@2.6.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.12

url pkg:composer/cakephp/cakephp@2.7.6

purl pkg:composer/cakephp/cakephp@2.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.6

url pkg:composer/cakephp/cakephp@3.0.15

purl pkg:composer/cakephp/cakephp@3.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-9fz7-k62h-eydd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.15

url pkg:composer/cakephp/cakephp@3.1.4

purl pkg:composer/cakephp/cakephp@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-9fz7-k62h-eydd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.4

aliases GHSA-p76f-wr22-4rv6, GMS-2023-70

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsq5-7j7c-hbak

url VCID-pjc3-66nj-mqe6

vulnerability_id VCID-pjc3-66nj-mqe6

summary

PHP Remote File Inclusion
Remote File Inclusion through View template name manipulation.

references

reference_url	https://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html
reference_id
reference_type
scores
url	https://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html

fixed_packages

url pkg:composer/cakephp/cakephp@2.6.12

purl pkg:composer/cakephp/cakephp@2.6.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.12

url pkg:composer/cakephp/cakephp@2.7.0-RC

purl pkg:composer/cakephp/cakephp@2.7.0-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.0-RC

url pkg:composer/cakephp/cakephp@2.7.6

purl pkg:composer/cakephp/cakephp@2.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.6

url pkg:composer/cakephp/cakephp@3.0.0-RC1

purl pkg:composer/cakephp/cakephp@3.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1

url pkg:composer/cakephp/cakephp@3.0.15

purl pkg:composer/cakephp/cakephp@3.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-9fz7-k62h-eydd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.15

url pkg:composer/cakephp/cakephp@3.1.0-RC1

purl pkg:composer/cakephp/cakephp@3.1.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-9fz7-k62h-eydd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.0-RC1

url pkg:composer/cakephp/cakephp@3.1.4

purl pkg:composer/cakephp/cakephp@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-9fz7-k62h-eydd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.4

aliases GMS-2015-64

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjc3-66nj-mqe6

url VCID-pndg-eaey-2ydk

vulnerability_id VCID-pndg-eaey-2ydk

summary

Potential direct access to prefixed actions
Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. If your authorization depends on the presence of the prefix routing key you should upgrade as soon as possible.

references

reference_url	http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html
reference_id
reference_type
scores
url	http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html

fixed_packages

url pkg:composer/cakephp/cakephp@2.6.11

purl pkg:composer/cakephp/cakephp@2.6.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-nsq5-7j7c-hbak

vulnerability	VCID-pjc3-66nj-mqe6

vulnerability	VCID-yrzx-r3q3-43ej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.11

url pkg:composer/cakephp/cakephp@2.7.0-RC

purl pkg:composer/cakephp/cakephp@2.7.0-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.0-RC

url pkg:composer/cakephp/cakephp@2.7.2

purl pkg:composer/cakephp/cakephp@2.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-nsq5-7j7c-hbak

vulnerability	VCID-pjc3-66nj-mqe6

vulnerability	VCID-yrzx-r3q3-43ej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.2

url pkg:composer/cakephp/cakephp@3.0.0-RC1

purl pkg:composer/cakephp/cakephp@3.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1

aliases GMS-2015-17

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pndg-eaey-2ydk

url VCID-tuaz-rx17-huc6

vulnerability_id VCID-tuaz-rx17-huc6

summary

Direct access of prefixed controller actions
Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. If your authorization depends on the presence of the prefix routing key you should upgrade as soon as possible.

references

reference_url	https://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html
reference_id
reference_type
scores
url	https://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html

fixed_packages

url pkg:composer/cakephp/cakephp@2.6.11

purl pkg:composer/cakephp/cakephp@2.6.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-nsq5-7j7c-hbak

vulnerability	VCID-pjc3-66nj-mqe6

vulnerability	VCID-yrzx-r3q3-43ej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.11

url pkg:composer/cakephp/cakephp@2.7.0-RC

purl pkg:composer/cakephp/cakephp@2.7.0-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.0-RC

url pkg:composer/cakephp/cakephp@2.7.2

purl pkg:composer/cakephp/cakephp@2.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-nsq5-7j7c-hbak

vulnerability	VCID-pjc3-66nj-mqe6

vulnerability	VCID-yrzx-r3q3-43ej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.2

url pkg:composer/cakephp/cakephp@3.0.0-RC1

purl pkg:composer/cakephp/cakephp@3.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1

aliases GMS-2015-63

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tuaz-rx17-huc6

url VCID-ufhs-run3-kqag

vulnerability_id VCID-ufhs-run3-kqag

summary

Unreliable data validation
There's a flow in Validation::compare() and Validation::range() that makes possible to pass validation criteria using crafted data.

references

reference_url	http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html
reference_id
reference_type
scores
url	http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html

fixed_packages

url pkg:composer/cakephp/cakephp@2.6.11

purl pkg:composer/cakephp/cakephp@2.6.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-nsq5-7j7c-hbak

vulnerability	VCID-pjc3-66nj-mqe6

vulnerability	VCID-yrzx-r3q3-43ej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.11

url pkg:composer/cakephp/cakephp@2.7.0-RC

purl pkg:composer/cakephp/cakephp@2.7.0-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.0-RC

url pkg:composer/cakephp/cakephp@2.7.2

purl pkg:composer/cakephp/cakephp@2.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-nsq5-7j7c-hbak

vulnerability	VCID-pjc3-66nj-mqe6

vulnerability	VCID-yrzx-r3q3-43ej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.2

url pkg:composer/cakephp/cakephp@3.0.0-RC1

purl pkg:composer/cakephp/cakephp@3.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1

aliases GMS-2015-18

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ufhs-run3-kqag

url VCID-v1q2-grgw-2fg2

vulnerability_id VCID-v1q2-grgw-2fg2

summary

CakePHP allows direct access of prefixed controller actions
Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters.

references

reference_url

https://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html

reference_url

https://github.com/cakephp/cakephp

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp

reference_url

https://github.com/cakephp/cakephp/commit/056f24a77428ad35e23cab6840a72b7c25c4ccc0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/commit/056f24a77428ad35e23cab6840a72b7c25c4ccc0

reference_url

https://github.com/cakephp/cakephp/releases/tag/2.5.9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/releases/tag/2.5.9

reference_url

https://github.com/cakephp/cakephp/releases/tag/2.6.11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/releases/tag/2.6.11

reference_url

https://github.com/cakephp/cakephp/releases/tag/2.7.2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/releases/tag/2.7.2

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-08-06.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-08-06.yaml

reference_url

https://github.com/advisories/GHSA-6hg4-vp5q-47mw

reference_id

GHSA-6hg4-vp5q-47mw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6hg4-vp5q-47mw

fixed_packages

url pkg:composer/cakephp/cakephp@2.6.11

purl pkg:composer/cakephp/cakephp@2.6.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-nsq5-7j7c-hbak

vulnerability	VCID-pjc3-66nj-mqe6

vulnerability	VCID-yrzx-r3q3-43ej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.11

url pkg:composer/cakephp/cakephp@2.7.2

purl pkg:composer/cakephp/cakephp@2.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-nsq5-7j7c-hbak

vulnerability	VCID-pjc3-66nj-mqe6

vulnerability	VCID-yrzx-r3q3-43ej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.2

aliases GHSA-6hg4-vp5q-47mw, GMS-2023-67

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v1q2-grgw-2fg2

url VCID-yrzx-r3q3-43ej

vulnerability_id VCID-yrzx-r3q3-43ej

summary Unsafe view template filenames result in a Remote File Inclusion vulnerability.

references

reference_url	http://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html
reference_id
reference_type
scores
url	http://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html

fixed_packages

url pkg:composer/cakephp/cakephp@2.6.12

purl pkg:composer/cakephp/cakephp@2.6.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.12

url pkg:composer/cakephp/cakephp@2.7.0-RC

purl pkg:composer/cakephp/cakephp@2.7.0-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.0-RC

url pkg:composer/cakephp/cakephp@2.7.6

purl pkg:composer/cakephp/cakephp@2.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.6

url pkg:composer/cakephp/cakephp@3.0.0-RC1

purl pkg:composer/cakephp/cakephp@3.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1

url pkg:composer/cakephp/cakephp@3.0.15

purl pkg:composer/cakephp/cakephp@3.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-9fz7-k62h-eydd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.15

url pkg:composer/cakephp/cakephp@3.1.0-RC1

purl pkg:composer/cakephp/cakephp@3.1.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-9fz7-k62h-eydd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.0-RC1

url pkg:composer/cakephp/cakephp@3.1.4

purl pkg:composer/cakephp/cakephp@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-251n-1k53-57dd

vulnerability	VCID-3cx6-dpsf-xkhw

vulnerability	VCID-74cw-ufme-5yfh

vulnerability	VCID-9fz7-k62h-eydd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.4

aliases GMS-2015-41

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrzx-r3q3-43ej

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.9

Package Instance