Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/cakephp/cakephp@2.0.0
purl pkg:composer/cakephp/cakephp@2.0.0
Tags Ghost
Next non-vulnerable version 3.10.3
Latest non-vulnerable version 5.3.1
Risk 4.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-4hm5-ts9r-7qhj
Aliases:
GHSA-6hg4-vp5q-47mw
GMS-2023-67
CakePHP allows direct access of prefixed controller actions Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters.
2.0.99
Affected by 0 other vulnerabilities.
2.1.99
Affected by 0 other vulnerabilities.
2.2.99
Affected by 0 other vulnerabilities.
2.3.99
Affected by 0 other vulnerabilities.
2.4.99
Affected by 0 other vulnerabilities.
2.5.0-RC1
Affected by 6 other vulnerabilities.
2.5.9
Affected by 7 other vulnerabilities.
2.6.11
Affected by 6 other vulnerabilities.
2.7.2
Affected by 6 other vulnerabilities.
VCID-b3ab-re57-2yew
Aliases:
GMS-2014-34
Improper Input Validation Forms secured by `SecurityComponent` could be submitted to any action without triggering SecurityComponents tampering protection.
2.4.8
Affected by 12 other vulnerabilities.
2.5.0-RC1
Affected by 6 other vulnerabilities.
VCID-h378-ktx4-eufw
Aliases:
GHSA-q79m-c546-2g63
GMS-2023-71
CakePHP vulnerable to Denial of Service attack through XML payloads RequestHandlerComponent had a vulnerability that would allow well crafted requests to create a denial of service attack. RequestHandlerComponent leverages `Xml::build()` which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML payloads.
2.0.99
Affected by 0 other vulnerabilities.
2.1.99
Affected by 0 other vulnerabilities.
2.2.99
Affected by 0 other vulnerabilities.
2.3.99
Affected by 0 other vulnerabilities.
2.4.99
Affected by 0 other vulnerabilities.
2.5.0-RC1
Affected by 6 other vulnerabilities.
2.5.90
Affected by 0 other vulnerabilities.
2.6.0-RC1
Affected by 4 other vulnerabilities.
2.6.6
Affected by 10 other vulnerabilities.
3.0.6
Affected by 7 other vulnerabilities.
VCID-jj7b-ep1t-c3gw
Aliases:
GHSA-j9q2-f9q7-jhgq
GMS-2023-69
CakePHP SecurityComponent cross form submission issue Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues.
2.4.8
Affected by 12 other vulnerabilities.
VCID-s8hu-14t1-f7bn
Aliases:
GMS-2015-63
Direct access of prefixed controller actions Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. If your authorization depends on the presence of the prefix routing key you should upgrade as soon as possible.
2.5.0-RC1
Affected by 6 other vulnerabilities.
2.5.9
Affected by 7 other vulnerabilities.
2.6.0-RC1
Affected by 4 other vulnerabilities.
2.6.11
Affected by 6 other vulnerabilities.
2.7.0-RC
Affected by 3 other vulnerabilities.
2.7.2
Affected by 6 other vulnerabilities.
3.0.0-RC1
Affected by 3 other vulnerabilities.
VCID-suka-xj97-1ya2
Aliases:
GMS-2015-62
Uncontrolled Resource Consumption Denial of Service attack through XML payloads
2.5.0-RC1
Affected by 6 other vulnerabilities.
2.6.0-RC1
Affected by 4 other vulnerabilities.
2.6.6
Affected by 10 other vulnerabilities.
3.0.0-RC1
Affected by 3 other vulnerabilities.
3.0.6
Affected by 7 other vulnerabilities.
VCID-tvvp-39ps-sqab
Aliases:
GHSA-p76f-wr22-4rv6
GMS-2023-70
CakePHP vulnerable to Remote File Inclusion through View template name manipulation CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.
2.0.99
Affected by 0 other vulnerabilities.
2.1.99
Affected by 0 other vulnerabilities.
2.2.99
Affected by 0 other vulnerabilities.
2.3.99
Affected by 0 other vulnerabilities.
2.4.99
Affected by 0 other vulnerabilities.
2.5.0-RC1
Affected by 6 other vulnerabilities.
2.5.99
Affected by 0 other vulnerabilities.
2.6.0-RC1
Affected by 4 other vulnerabilities.
2.6.12
Affected by 3 other vulnerabilities.
2.7.6
Affected by 3 other vulnerabilities.
3.0.15
Affected by 4 other vulnerabilities.
3.1.4
Affected by 4 other vulnerabilities.
VCID-tyh8-9qqj-tfdt
Aliases:
GMS-2015-64
PHP Remote File Inclusion Remote File Inclusion through View template name manipulation.
2.5.0-RC1
Affected by 6 other vulnerabilities.
2.6.0-RC1
Affected by 4 other vulnerabilities.
2.6.12
Affected by 3 other vulnerabilities.
2.7.0-RC
Affected by 3 other vulnerabilities.
2.7.6
Affected by 3 other vulnerabilities.
3.0.0-RC1
Affected by 3 other vulnerabilities.
3.0.15
Affected by 4 other vulnerabilities.
3.1.0-RC1
Affected by 4 other vulnerabilities.
3.1.4
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T21:34:58.226382+00:00 GHSA Importer Affected by VCID-tvvp-39ps-sqab https://github.com/advisories/GHSA-p76f-wr22-4rv6 38.6.0
2026-05-31T21:34:57.993636+00:00 GHSA Importer Affected by VCID-4hm5-ts9r-7qhj https://github.com/advisories/GHSA-6hg4-vp5q-47mw 38.6.0
2026-05-31T21:34:57.577661+00:00 GHSA Importer Affected by VCID-h378-ktx4-eufw https://github.com/advisories/GHSA-q79m-c546-2g63 38.6.0
2026-05-31T21:34:57.519122+00:00 GHSA Importer Affected by VCID-jj7b-ep1t-c3gw https://github.com/advisories/GHSA-j9q2-f9q7-jhgq 38.6.0
2026-05-30T20:59:32.129430+00:00 GitLab Importer Affected by VCID-tvvp-39ps-sqab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-70.yml 38.6.0
2026-05-30T20:59:31.846182+00:00 GitLab Importer Affected by VCID-4hm5-ts9r-7qhj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-67.yml 38.6.0
2026-05-30T20:59:31.513838+00:00 GitLab Importer Affected by VCID-h378-ktx4-eufw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-71.yml 38.6.0
2026-05-30T20:59:31.453911+00:00 GitLab Importer Affected by VCID-jj7b-ep1t-c3gw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-69.yml 38.6.0
2026-05-30T20:52:18.154328+00:00 GitLab Importer Affected by VCID-tyh8-9qqj-tfdt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-64.yml 38.6.0
2026-05-30T20:52:16.594345+00:00 GitLab Importer Affected by VCID-s8hu-14t1-f7bn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-63.yml 38.6.0
2026-05-30T20:52:15.121989+00:00 GitLab Importer Affected by VCID-suka-xj97-1ya2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-62.yml 38.6.0
2026-05-30T20:52:06.321023+00:00 GitLab Importer Affected by VCID-b3ab-re57-2yew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2014-34.yml 38.6.0