Search for packages
| purl | pkg:composer/cakephp/cakephp@2.5.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4hm5-ts9r-7qhj
Aliases: GHSA-6hg4-vp5q-47mw GMS-2023-67 |
CakePHP allows direct access of prefixed controller actions Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. |
Affected by 7 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-e42e-y1zv-4yem
Aliases: CVE-2016-4793 GHSA-j8p3-8m69-2hqq |
Improper Input Validation The `clientIp` function in CakePHP allows remote attackers to spoof their IP via the `CLIENT-IP` HTTP header. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-efhb-ed55-3fdy
Aliases: CVE-2020-15400 GHSA-j33j-fg2g-mcv2 |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-h378-ktx4-eufw
Aliases: GHSA-q79m-c546-2g63 GMS-2023-71 |
CakePHP vulnerable to Denial of Service attack through XML payloads RequestHandlerComponent had a vulnerability that would allow well crafted requests to create a denial of service attack. RequestHandlerComponent leverages `Xml::build()` which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML payloads. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-k87k-gfb3-vbab
Aliases: GMS-2015-41 |
Unsafe view template filenames result in a Remote File Inclusion vulnerability. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-kxax-aem6-7fdu
Aliases: GMS-2015-18 |
Unreliable data validation There's a flow in Validation::compare() and Validation::range() that makes possible to pass validation criteria using crafted data. |
Affected by 7 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-s8hu-14t1-f7bn
Aliases: GMS-2015-63 |
Direct access of prefixed controller actions Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. If your authorization depends on the presence of the prefix routing key you should upgrade as soon as possible. |
Affected by 7 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-suka-xj97-1ya2
Aliases: GMS-2015-62 |
Uncontrolled Resource Consumption Denial of Service attack through XML payloads |
Affected by 4 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-tvvp-39ps-sqab
Aliases: GHSA-p76f-wr22-4rv6 GMS-2023-70 |
CakePHP vulnerable to Remote File Inclusion through View template name manipulation CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-tyh8-9qqj-tfdt
Aliases: GMS-2015-64 |
PHP Remote File Inclusion Remote File Inclusion through View template name manipulation. |
Affected by 4 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-vqhd-sy34-e3bw
Aliases: GMS-2015-17 |
Potential direct access to prefixed actions Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. If your authorization depends on the presence of the prefix routing key you should upgrade as soon as possible. |
Affected by 7 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-yq27-7v6m-5bc5
Aliases: CVE-2015-8379 GHSA-556q-h4vr-pgh2 |
Cross-Site Request Forgery (CSRF) CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||