Package details: pkg:composer/cakephp/cakephp@3.0.0
purl pkg:composer/cakephp/cakephp@3.0.0
Next non-vulnerable version 3.10.3
Latest non-vulnerable version 5.3.1
Risk 10.0
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-14jg-2a3x-r7b6
Aliases:
GMS-2015-61
Cross-Site Request Forgery (CSRF): Incorrect CSRF validation in cakephp.
3.0.4
Affected by 9 other vulnerabilities.
VCID-251n-1k53-57dd
Aliases:
CVE-2015-8379
GHSA-556q-h4vr-pgh2
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
3.1.5
Affected by 3 other vulnerabilities.
VCID-3cx6-dpsf-xkhw
Aliases:
CVE-2016-4793
GHSA-j8p3-8m69-2hqq
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
3.0.17
Affected by 4 other vulnerabilities.
3.1.12
Affected by 3 other vulnerabilities.
3.2.5
Affected by 2 other vulnerabilities.
VCID-4nzp-mvbw-5kax
Aliases:
GHSA-q79m-c546-2g63
GMS-2023-71
CakePHP vulnerable to Denial of Service attack through XML payloads: RequestHandlerComponent had a vulnerability that would allow well crafted requests to create a denial of service attack. RequestHandlerComponent leverages `Xml::build()` which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML payloads.
3.0.6
Affected by 7 other vulnerabilities.
VCID-74cw-ufme-5yfh
Aliases:
CVE-2020-15400
GHSA-j33j-fg2g-mcv2
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
3.10.3
Affected by 0 other vulnerabilities.
4.0.6
Affected by 1 other vulnerability.
VCID-9fz7-k62h-eydd
Aliases:
CVE-2019-11458
GHSA-qhrx-hcm6-pmrw
Unsafe deserialization in SmtpTransport in CakePHP
3.5.18
Affected by 1 other vulnerability.
3.6.15
Affected by 1 other vulnerability.
3.7.7
Affected by 1 other vulnerability.
VCID-kptr-z8uk-wfew
Aliases:
GHSA-829q-v5g8-hhxc
GMS-2023-68
CakePHP has incorrect Cross-Site Request Forgery validation: CsrfComponent fails to invalidate requests that are missing both the CSRF token, and CSRF post data.
3.0.4
Affected by 9 other vulnerabilities.
VCID-nsq5-7j7c-hbak
Aliases:
GHSA-p76f-wr22-4rv6
GMS-2023-70
CakePHP vulnerable to Remote File Inclusion through View template name manipulation: CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.
3.0.15
Affected by 4 other vulnerabilities.
3.1.4
Affected by 4 other vulnerabilities.
VCID-pjc3-66nj-mqe6
Aliases:
GMS-2015-64
PHP Remote File Inclusion: Remote File Inclusion through View template name manipulation.
3.0.15
Affected by 4 other vulnerabilities.
3.1.0-RC1
Affected by 4 other vulnerabilities.
3.1.4
Affected by 4 other vulnerabilities.
VCID-yrzx-r3q3-43ej
Aliases:
GMS-2015-41
Unsafe view template filenames result in a Remote File Inclusion vulnerability.
3.0.15
Affected by 4 other vulnerabilities.
3.1.0-RC1
Affected by 4 other vulnerabilities.
3.1.4
Affected by 4 other vulnerabilities.
VCID-yzq8-e9u1-3bbe
Aliases:
GMS-2015-62
Uncontrolled Resource Consumption: Denial of Service attack through XML payloads
3.0.6
Affected by 7 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T06:25:15.668424+00:00 GHSA Importer Affected by VCID-nsq5-7j7c-hbak https://github.com/advisories/GHSA-p76f-wr22-4rv6 38.6.0
2026-06-13T06:25:15.026294+00:00 GHSA Importer Affected by VCID-4nzp-mvbw-5kax https://github.com/advisories/GHSA-q79m-c546-2g63 38.6.0
2026-06-13T06:25:14.781493+00:00 GHSA Importer Affected by VCID-kptr-z8uk-wfew https://github.com/advisories/GHSA-829q-v5g8-hhxc 38.6.0
2026-06-12T18:12:29.391415+00:00 GitLab Importer Affected by VCID-251n-1k53-57dd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2015-8379.yml 38.6.0
2026-06-12T17:22:16.054033+00:00 GitLab Importer Affected by VCID-74cw-ufme-5yfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2020-15400.yml 38.6.0
2026-06-12T17:16:06.679629+00:00 GitLab Importer Affected by VCID-9fz7-k62h-eydd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2019-11458.yml 38.6.0
2026-06-12T16:52:17.968882+00:00 GitLab Importer Affected by VCID-3cx6-dpsf-xkhw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2016-4793.yml 38.6.0
2026-06-12T16:48:57.810309+00:00 GitLab Importer Affected by VCID-yrzx-r3q3-43ej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-41.yml 38.6.0
2026-06-12T15:45:22.681871+00:00 GitLab Importer Affected by VCID-kptr-z8uk-wfew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-68.yml 38.6.0
2026-06-12T15:45:22.266958+00:00 GitLab Importer Affected by VCID-nsq5-7j7c-hbak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-70.yml 38.6.0
2026-06-12T15:45:21.698439+00:00 GitLab Importer Affected by VCID-4nzp-mvbw-5kax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-71.yml 38.6.0
2026-06-12T15:39:17.658087+00:00 GitLab Importer Affected by VCID-pjc3-66nj-mqe6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-64.yml 38.6.0
2026-06-12T15:39:14.618293+00:00 GitLab Importer Affected by VCID-yzq8-e9u1-3bbe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-62.yml 38.6.0
2026-06-12T15:39:14.127500+00:00 GitLab Importer Affected by VCID-14jg-2a3x-r7b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-61.yml 38.6.0
2026-06-11T20:25:41.754863+00:00 GHSA Importer Affected by VCID-9fz7-k62h-eydd https://github.com/advisories/GHSA-qhrx-hcm6-pmrw 38.6.0