Package impact
Packagist / cakephp/cakephp
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2015-8379 | high | 8.8 | 8.8 | 11y ago | CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter | |
| CVE-2016-4793 | high | 7.5 | 7.5 | 10y ago | CakePHP allows remote attackers to spoof their IP | |
| CVE-2012-4399 | high | 7.5 | 7.5 | 14y ago | CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references | |
| CVE-2010-4335 | high | — | 7.5 | 16y ago | CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code | |
| CVE-2011-3712 | medium | — | 5.0 | 15y ago | CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file |