VulnerableCode Package Details - pkg:composer/cakephp/cakephp@3.0.15

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/cakephp/cakephp@3.0.15

Essentials
History (9)

purl	pkg:composer/cakephp/cakephp@3.0.15

Next non-vulnerable version	3.10.3
Latest non-vulnerable version	5.3.1
Risk	10.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-2ggf-ncwr-tkea Aliases: CVE-2019-11458 GHSA-qhrx-hcm6-pmrw		3.5.18 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 3.6.15 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 3.7.7 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-e42e-y1zv-4yem Aliases: CVE-2016-4793 GHSA-j8p3-8m69-2hqq	Improper Input Validation The `clientIp` function in CakePHP allows remote attackers to spoof their IP via the `CLIENT-IP` HTTP header.	3.0.17 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.1.12 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.2.5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-efhb-ed55-3fdy Aliases: CVE-2020-15400 GHSA-j33j-fg2g-mcv2		3.10.3 Affected by 0 other vulnerabilities. 4.0.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-yq27-7v6m-5bc5 Aliases: CVE-2015-8379 GHSA-556q-h4vr-pgh2	Cross-Site Request Forgery (CSRF) CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.	3.1.5 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-k87k-gfb3-vbab	Unsafe view template filenames result in a Remote File Inclusion vulnerability.	GMS-2015-41
VCID-tvvp-39ps-sqab	CakePHP vulnerable to Remote File Inclusion through View template name manipulation CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.	GHSA-p76f-wr22-4rv6 GMS-2023-70
VCID-tyh8-9qqj-tfdt	PHP Remote File Inclusion Remote File Inclusion through View template name manipulation.	GMS-2015-64

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-01T06:43:10.658894+00:00	GitLab Importer	Affected by	VCID-yq27-7v6m-5bc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2015-8379.yml	38.6.0
2026-06-01T05:49:13.245072+00:00	GitLab Importer	Affected by	VCID-efhb-ed55-3fdy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2020-15400.yml	38.6.0
2026-05-31T21:34:58.286305+00:00	GHSA Importer	Fixing	VCID-tvvp-39ps-sqab	https://github.com/advisories/GHSA-p76f-wr22-4rv6	38.6.0
2026-05-31T11:05:40.865522+00:00	GithubOSV Importer	Fixing	VCID-tvvp-39ps-sqab	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-p76f-wr22-4rv6/GHSA-p76f-wr22-4rv6.json	38.6.0
2026-05-31T10:01:03.152806+00:00	GitLab Importer	Affected by	VCID-2ggf-ncwr-tkea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2019-11458.yml	38.6.0
2026-05-31T09:37:45.509591+00:00	GitLab Importer	Affected by	VCID-e42e-y1zv-4yem	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2016-4793.yml	38.6.0
2026-05-30T20:59:32.471332+00:00	GitLab Importer	Fixing	VCID-tvvp-39ps-sqab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-70.yml	38.6.0
2026-05-30T20:52:18.388228+00:00	GitLab Importer	Fixing	VCID-k87k-gfb3-vbab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-41.yml	38.6.0
2026-05-30T20:52:18.307406+00:00	GitLab Importer	Fixing	VCID-tyh8-9qqj-tfdt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-64.yml	38.6.0