Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-tvvp-39ps-sqab
Vulnerability ID VCID-tvvp-39ps-sqab
Aliases GHSA-p76f-wr22-4rv6
GMS-2023-70
Summary CakePHP vulnerable to Remote File Inclusion through View template name manipulation CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE https://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-p76f-wr22-4rv6
generic_textual MODERATE https://github.com/cakephp/cakephp
generic_textual MODERATE https://github.com/cakephp/cakephp/commit/5e60cc5d182e6131e3fbdfdf69f49d560c9ff78b
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-11-05.yaml
Reference id Reference type URL
https://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html
https://github.com/cakephp/cakephp
https://github.com/cakephp/cakephp/commit/5e60cc5d182e6131e3fbdfdf69f49d560c9ff78b
https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-11-05.yaml
GHSA-p76f-wr22-4rv6 https://github.com/advisories/GHSA-p76f-wr22-4rv6
No exploits are available.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-05-30T20:59:32.113631+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-70.yml 38.6.0