| Vulnerability ID | VCID-v1q2-grgw-2fg2 |
| Aliases | GHSA-6hg4-vp5q-47mw, GMS-2023-67 |
| Summary | CakePHP allows direct access of prefixed controller actions. Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| generic_textual | MODERATE | https://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html |
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-6hg4-vp5q-47mw |
| generic_textual | MODERATE | https://github.com/cakephp/cakephp |
| generic_textual | MODERATE | https://github.com/cakephp/cakephp/commit/056f24a77428ad35e23cab6840a72b7c25c4ccc0 |
| generic_textual | MODERATE | https://github.com/cakephp/cakephp/releases/tag/2.5.9 |
| generic_textual | MODERATE | https://github.com/cakephp/cakephp/releases/tag/2.6.11 |
| generic_textual | MODERATE | https://github.com/cakephp/cakephp/releases/tag/2.7.2 |
| generic_textual | MODERATE | https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-08-06.yaml |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-12T07:57:24.446449+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-6hg4-vp5q-47mw/GHSA-6hg4-vp5q-47mw.json | 38.6.0 |