| CVE-2015-8379 |
high |
8.8 |
8.8 |
|
|
|
11y ago |
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter |
| CVE-2016-4793 |
high |
7.5 |
8.5 |
|
|
|
10y ago |
CakePHP allows remote attackers to spoof their IP |
| CVE-2012-4399 |
high |
7.5 |
8.5 |
|
|
|
14y ago |
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references |
| CVE-2010-4335 |
high |
— |
8.5 |
|
|
|
16y ago |
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code |
| CVE-2011-3712 |
medium |
— |
5.0 |
|
|
|
15y ago |
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file |
| CVE-2006-5031 |
unknown |
— |
1.0 |
|
|
|
4y ago |
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files |
| CVE-2026-23643 |
unknown |
— |
— |
|
|
|
5mo ago |
CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting |
| CVE-2023-22727 |
unknown |
— |
— |
|
|
|
3y ago |
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection |
| CVE-2020-35239 |
unknown |
— |
— |
|
|
|
4y ago |
CakePHP allows method override parameters to bypass CSRF checks |
| CVE-2006-4067 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site scripting (XSS) vulnerability in CakePHP |
| CVE-2020-15400 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-Site Request Forgery in CakePHP |
| CVE-2019-11458 |
unknown |
— |
— |
|
|
|
7y ago |
Unsafe deserialization in SmtpTransport in CakePHP |
