| Vulnerability ID | VCID-4hm5-ts9r-7qhj |
| Aliases | GHSA-6hg4-vp5q-47mw, GMS-2023-67 |
| Summary | CakePHP allows direct access of prefixed controller actions. Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| generic_textual | MODERATE | https://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html |
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-6hg4-vp5q-47mw |
| generic_textual | MODERATE | https://github.com/cakephp/cakephp |
| generic_textual | MODERATE | https://github.com/cakephp/cakephp/commit/056f24a77428ad35e23cab6840a72b7c25c4ccc0 |
| generic_textual | MODERATE | https://github.com/cakephp/cakephp/releases/tag/2.5.9 |
| generic_textual | MODERATE | https://github.com/cakephp/cakephp/releases/tag/2.6.11 |
| generic_textual | MODERATE | https://github.com/cakephp/cakephp/releases/tag/2.7.2 |
| generic_textual | MODERATE | https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-08-06.yaml |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-30T20:59:31.822274+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-67.yml | 38.6.0 |