Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/cakephp/cakephp@2.6.12

Type composer

Namespace cakephp

Name cakephp

Version 2.6.12

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.10.3

Latest_non_vulnerable_version 5.3.1

Affected_by_vulnerabilities

url VCID-cp8q-ar71-mqdf

vulnerability_id VCID-cp8q-ar71-mqdf

summary

Cross-Site Request Forgery (CSRF)
CakePHP mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15400

reference_id

reference_type

scores

value	0.00085
scoring_system	epss
scoring_elements	0.24635
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15400

reference_url

https://bakery.cakephp.org/2020/04/18/cakephp_406_released.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bakery.cakephp.org/2020/04/18/cakephp_406_released.html

reference_url

https://bakery.cakephp.org/2022/05/08/cakephp_3103_released.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bakery.cakephp.org/2022/05/08/cakephp_3103_released.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985673
reference_id	985673
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985673

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15400

reference_id

CVE-2020-15400

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15400

fixed_packages

url	pkg:composer/cakephp/cakephp@3.10.3
purl	pkg:composer/cakephp/cakephp@3.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.10.3

url pkg:composer/cakephp/cakephp@4.0.6

purl pkg:composer/cakephp/cakephp@4.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xsdu-qsw4-ebaz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@4.0.6

aliases CVE-2020-15400, GHSA-j33j-fg2g-mcv2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cp8q-ar71-mqdf

url VCID-f8wn-raej-7qg4

vulnerability_id VCID-f8wn-raej-7qg4

summary

Improper Input Validation
The `clientIp` function in CakePHP allows remote attackers to spoof their IP via the `CLIENT-IP` HTTP header.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4793

reference_id

reference_type

scores

value	0.08275
scoring_system	epss
scoring_elements	0.92385
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4793

reference_url

https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html

reference_url

https://github.com/cakephp/cakephp

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp

reference_url

https://github.com/cakephp/cakephp/commit/908754649f70bab2b1093942e17c9a46a2fcf6c2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/commit/908754649f70bab2b1093942e17c9a46a2fcf6c2

reference_url

https://support.citrix.com/article/CTX236992

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.citrix.com/article/CTX236992

reference_url

https://www.exploit-db.com/exploits/39813

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/39813

reference_url

http://www.securityfocus.com/bid/95846

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95846

reference_url

http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt

reference_id

CVE-2016-4793

reference_type

exploit

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/39813.txt
reference_id	CVE-2016-4793
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/39813.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4793

reference_id

CVE-2016-4793

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4793

fixed_packages

url pkg:composer/cakephp/cakephp@2.6.13

purl pkg:composer/cakephp/cakephp@2.6.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.13

url pkg:composer/cakephp/cakephp@2.7.11

purl pkg:composer/cakephp/cakephp@2.7.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.11

url pkg:composer/cakephp/cakephp@2.8.2

purl pkg:composer/cakephp/cakephp@2.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.8.2

url pkg:composer/cakephp/cakephp@3.0.17

purl pkg:composer/cakephp/cakephp@3.0.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.17

url pkg:composer/cakephp/cakephp@3.1.12

purl pkg:composer/cakephp/cakephp@3.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.12

url pkg:composer/cakephp/cakephp@3.2.5

purl pkg:composer/cakephp/cakephp@3.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.2.5

aliases CVE-2016-4793, GHSA-j8p3-8m69-2hqq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f8wn-raej-7qg4

Fixing_vulnerabilities

url VCID-cz9h-hf83-eycy

vulnerability_id VCID-cz9h-hf83-eycy

summary

CakePHP vulnerable to Remote File Inclusion through View template name manipulation
CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.

references

reference_url

https://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html

reference_url

https://github.com/cakephp/cakephp

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp

reference_url

https://github.com/cakephp/cakephp/commit/5e60cc5d182e6131e3fbdfdf69f49d560c9ff78b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/commit/5e60cc5d182e6131e3fbdfdf69f49d560c9ff78b

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-11-05.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-11-05.yaml

reference_url	https://github.com/advisories/GHSA-p76f-wr22-4rv6
reference_id	GHSA-p76f-wr22-4rv6
reference_type
scores
url	https://github.com/advisories/GHSA-p76f-wr22-4rv6

fixed_packages

url	pkg:composer/cakephp/cakephp@2.0.99
purl	pkg:composer/cakephp/cakephp@2.0.99
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.0.99

url	pkg:composer/cakephp/cakephp@2.1.99
purl	pkg:composer/cakephp/cakephp@2.1.99
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.1.99

url	pkg:composer/cakephp/cakephp@2.2.99
purl	pkg:composer/cakephp/cakephp@2.2.99
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.2.99

url	pkg:composer/cakephp/cakephp@2.3.99
purl	pkg:composer/cakephp/cakephp@2.3.99
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.3.99

url	pkg:composer/cakephp/cakephp@2.4.99
purl	pkg:composer/cakephp/cakephp@2.4.99
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.4.99

url	pkg:composer/cakephp/cakephp@2.5.99
purl	pkg:composer/cakephp/cakephp@2.5.99
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.5.99

url pkg:composer/cakephp/cakephp@2.6.12

purl pkg:composer/cakephp/cakephp@2.6.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.12

url pkg:composer/cakephp/cakephp@2.7.6

purl pkg:composer/cakephp/cakephp@2.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.6

url pkg:composer/cakephp/cakephp@3.0.15

purl pkg:composer/cakephp/cakephp@3.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.15

url pkg:composer/cakephp/cakephp@3.1.4

purl pkg:composer/cakephp/cakephp@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.4

aliases GHSA-p76f-wr22-4rv6, GMS-2023-70

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cz9h-hf83-eycy

url VCID-s536-vx42-xbhk

vulnerability_id VCID-s536-vx42-xbhk

summary

PHP Remote File Inclusion
Remote File Inclusion through View template name manipulation.

references

reference_url	https://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html
reference_id
reference_type
scores
url	https://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html

fixed_packages

url pkg:composer/cakephp/cakephp@2.5.0-RC1

purl pkg:composer/cakephp/cakephp@2.5.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

vulnerability	VCID-qzjr-cpgd-uba7

vulnerability	VCID-wyxz-rb2r-zfck

vulnerability	VCID-zbjb-pafr-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.5.0-RC1

url pkg:composer/cakephp/cakephp@2.6.0-RC1

purl pkg:composer/cakephp/cakephp@2.6.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

vulnerability	VCID-zbjb-pafr-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.0-RC1

url pkg:composer/cakephp/cakephp@2.6.12

purl pkg:composer/cakephp/cakephp@2.6.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.12

url pkg:composer/cakephp/cakephp@2.7.0-RC

purl pkg:composer/cakephp/cakephp@2.7.0-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.0-RC

url pkg:composer/cakephp/cakephp@2.7.6

purl pkg:composer/cakephp/cakephp@2.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.6

url pkg:composer/cakephp/cakephp@3.0.0-RC1

purl pkg:composer/cakephp/cakephp@3.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1

url pkg:composer/cakephp/cakephp@3.0.15

purl pkg:composer/cakephp/cakephp@3.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.15

url pkg:composer/cakephp/cakephp@3.1.0-RC1

purl pkg:composer/cakephp/cakephp@3.1.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.0-RC1

url pkg:composer/cakephp/cakephp@3.1.4

purl pkg:composer/cakephp/cakephp@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.4

aliases GMS-2015-64

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s536-vx42-xbhk

url VCID-zbjb-pafr-uudq

vulnerability_id VCID-zbjb-pafr-uudq

summary Unsafe view template filenames result in a Remote File Inclusion vulnerability.

references

reference_url	http://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html
reference_id
reference_type
scores
url	http://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html

fixed_packages

url pkg:composer/cakephp/cakephp@2.6.12

purl pkg:composer/cakephp/cakephp@2.6.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.12

url pkg:composer/cakephp/cakephp@2.7.0-RC

purl pkg:composer/cakephp/cakephp@2.7.0-RC

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.0-RC

url pkg:composer/cakephp/cakephp@2.7.6

purl pkg:composer/cakephp/cakephp@2.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.6

url pkg:composer/cakephp/cakephp@3.0.0-RC1

purl pkg:composer/cakephp/cakephp@3.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1

url pkg:composer/cakephp/cakephp@3.0.15

purl pkg:composer/cakephp/cakephp@3.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.15

url pkg:composer/cakephp/cakephp@3.1.0-RC1

purl pkg:composer/cakephp/cakephp@3.1.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.0-RC1

url pkg:composer/cakephp/cakephp@3.1.4

purl pkg:composer/cakephp/cakephp@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.4

aliases GMS-2015-41

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbjb-pafr-uudq

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.12

Package Instance