Vulnerabilities > Cakefoundation > Cakephp > 1.1.6.3264
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-30 | CVE-2020-15400 | Cross-Site Request Forgery (CSRF) vulnerability in Cakefoundation Cakephp CakePHP before 4.0.6 mishandles CSRF token generation. | 4.3 |
| 2006-09-27 | CVE-2006-5031 | Path Traversal vulnerability in Cakefoundation Cakephp Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2006-08-10 | CVE-2006-4067 | Cross-Site Scripting vulnerability in Cakefoundation Cakephp Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. | 4.3 |