Vulnerabilities > Cakefoundation > Cakephp > 1.3.7

DATE CVE VULNERABILITY TITLE RISK
2020-06-30 CVE-2020-15400 Cross-Site Request Forgery (CSRF) vulnerability in Cakefoundation Cakephp
CakePHP before 4.0.6 mishandles CSRF token generation.
4.3
2011-09-23 CVE-2011-3712 Information Exposure vulnerability in Cakefoundation Cakephp 1.3.7
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.
network
low complexity
cakefoundation CWE-200
5.0