VulnerableCode Package Details - pkg:composer/cakephp/cakephp@3.0.3

Vulnerabilities affecting this package (11)

Vulnerability	Summary	Fixed by
VCID-2ggf-ncwr-tkea Aliases: CVE-2019-11458 GHSA-qhrx-hcm6-pmrw		3.5.18 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 3.6.15 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 3.7.7 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-aqdf-npt1-5fa9 Aliases: GMS-2015-61	Cross-Site Request Forgery (CSRF) Incorrect CSRF validation in cakephp.	3.0.4 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-e42e-y1zv-4yem Aliases: CVE-2016-4793 GHSA-j8p3-8m69-2hqq	Improper Input Validation The `clientIp` function in CakePHP allows remote attackers to spoof their IP via the `CLIENT-IP` HTTP header.	3.0.17 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.1.12 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.2.5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-efhb-ed55-3fdy Aliases: CVE-2020-15400 GHSA-j33j-fg2g-mcv2		3.10.3 Affected by 0 other vulnerabilities. 4.0.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-h378-ktx4-eufw Aliases: GHSA-q79m-c546-2g63 GMS-2023-71	CakePHP vulnerable to Denial of Service attack through XML payloads RequestHandlerComponent had a vulnerability that would allow well crafted requests to create a denial of service attack. RequestHandlerComponent leverages `Xml::build()` which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML payloads.	3.0.6 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-k87k-gfb3-vbab Aliases: GMS-2015-41	Unsafe view template filenames result in a Remote File Inclusion vulnerability.	3.0.15 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.1.0-RC1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.1.4 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-q8vy-uanb-rfbc Aliases: GHSA-829q-v5g8-hhxc GMS-2023-68	Cross-Site Request Forgery (CSRF) in cakephp/cakephp.	3.0.4 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-suka-xj97-1ya2 Aliases: GMS-2015-62	Uncontrolled Resource Consumption Denial of Service attack through XML payloads	3.0.6 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tvvp-39ps-sqab Aliases: GHSA-p76f-wr22-4rv6 GMS-2023-70	CakePHP vulnerable to Remote File Inclusion through View template name manipulation CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.	3.0.15 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.1.4 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tyh8-9qqj-tfdt Aliases: GMS-2015-64	PHP Remote File Inclusion Remote File Inclusion through View template name manipulation.	3.0.15 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.1.0-RC1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.1.4 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-yq27-7v6m-5bc5 Aliases: CVE-2015-8379 GHSA-556q-h4vr-pgh2	Cross-Site Request Forgery (CSRF) CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.	3.1.5 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Next non-vulnerable version	3.10.3
Latest non-vulnerable version	5.3.1
Risk	4.0

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-01T07:15:59.609366+00:00	GitLab Importer	Affected by	VCID-q8vy-uanb-rfbc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-68.yml	38.6.0
2026-06-01T07:15:58.489012+00:00	GitLab Importer	Affected by	VCID-tvvp-39ps-sqab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-70.yml	38.6.0
2026-06-01T07:15:56.813688+00:00	GitLab Importer	Affected by	VCID-h378-ktx4-eufw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-71.yml	38.6.0
2026-06-01T06:43:10.605209+00:00	GitLab Importer	Affected by	VCID-yq27-7v6m-5bc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2015-8379.yml	38.6.0
2026-06-01T05:49:13.193371+00:00	GitLab Importer	Affected by	VCID-efhb-ed55-3fdy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2020-15400.yml	38.6.0
2026-05-31T10:01:03.128378+00:00	GitLab Importer	Affected by	VCID-2ggf-ncwr-tkea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2019-11458.yml	38.6.0
2026-05-31T09:37:45.484179+00:00	GitLab Importer	Affected by	VCID-e42e-y1zv-4yem	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2016-4793.yml	38.6.0
2026-05-31T09:34:35.769505+00:00	GitLab Importer	Affected by	VCID-k87k-gfb3-vbab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-41.yml	38.6.0
2026-05-31T09:34:35.503332+00:00	GitLab Importer	Affected by	VCID-tyh8-9qqj-tfdt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-64.yml	38.6.0
2026-05-31T09:34:07.390619+00:00	GitLab Importer	Affected by	VCID-suka-xj97-1ya2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-62.yml	38.6.0
2026-05-31T09:34:04.349853+00:00	GitLab Importer	Affected by	VCID-aqdf-npt1-5fa9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-61.yml	38.6.0