| CVE-2015-8379 |
high |
8.8 |
8.8 |
11y ago |
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter |
|
| CVE-2016-4793 |
high |
7.5 |
7.5 |
10y ago |
CakePHP allows remote attackers to spoof their IP |
|
| CVE-2012-4399 |
high |
7.5 |
7.5 |
14y ago |
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references |
|
| CVE-2010-4335 |
high |
— |
7.5 |
16y ago |
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code |
|
| CVE-2011-3712 |
medium |
— |
5.0 |
15y ago |
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file |
|
| CVE-2026-23643 |
unknown |
— |
— |
4mo ago |
CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting |
|
| CVE-2023-22727 |
unknown |
— |
— |
3y ago |
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection |
|
| CVE-2020-35239 |
unknown |
— |
— |
4y ago |
CakePHP allows method override parameters to bypass CSRF checks |
|
| CVE-2006-5031 |
unknown |
— |
— |
4y ago |
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files |
|
| CVE-2006-4067 |
unknown |
— |
— |
4y ago |
Cross-site scripting (XSS) vulnerability in CakePHP |
|
| CVE-2020-15400 |
unknown |
— |
— |
4y ago |
Cross-Site Request Forgery in CakePHP |
|
| CVE-2019-11458 |
unknown |
— |
— |
7y ago |
Unsafe deserialization in SmtpTransport in CakePHP |
|