Vulnerabilities > Cakephp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2020-35239 | Cross-Site Request Forgery (CSRF) vulnerability in Cakephp A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. | 8.8 |
| 2019-05-08 | CVE-2019-11458 | Deserialization of Untrusted Data vulnerability in Cakephp 3.7.6 An issue was discovered in SmtpTransport in CakePHP 3.7.6. | 7.5 |
| 2017-01-23 | CVE-2016-4793 | Improper Input Validation vulnerability in Cakephp The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header. | 7.5 |
| 2016-01-26 | CVE-2015-8379 | Cross-Site Request Forgery (CSRF) vulnerability in Cakephp CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter. | 8.8 |