Vulnerabilities > Cakephp

DATE CVE VULNERABILITY TITLE RISK
2023-01-17 CVE-2023-22727 SQL Injection vulnerability in Cakephp
CakePHP is a development framework for PHP web apps.
network
low complexity
cakephp CWE-89
critical
9.8
2017-01-23 CVE-2016-4793 Improper Input Validation vulnerability in Cakephp
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
network
low complexity
cakephp CWE-20
5.0
2016-01-26 CVE-2015-8379 Cross-Site Request Forgery (CSRF) vulnerability in Cakephp
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
network
cakephp CWE-352
6.8