Search for vulnerabilities
| Vulnerability ID | VCID-nsq5-7j7c-hbak |
| Aliases |
GHSA-p76f-wr22-4rv6
GMS-2023-70 |
| Summary | CakePHP vulnerable to Remote File Inclusion through View template name manipulation CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| generic_textual | MODERATE | https://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html |
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-p76f-wr22-4rv6 |
| generic_textual | MODERATE | https://github.com/cakephp/cakephp |
| generic_textual | MODERATE | https://github.com/cakephp/cakephp/commit/5e60cc5d182e6131e3fbdfdf69f49d560c9ff78b |
| generic_textual | MODERATE | https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-11-05.yaml |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-12T07:57:24.058625+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-p76f-wr22-4rv6/GHSA-p76f-wr22-4rv6.json | 38.6.0 |