cakephp/cakephp Security Advisories for 2.4.9 (3)

  • Remote File Inclusion through View template name manipulation

    Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.99|>=2.3.0,<2.3.99|>=2.4.0,<2.4.99|>=2.5.0,<2.5.99|>=2.6.0,<2.6.12|>=2.7.0,<2.7.6|>=3.0.0,<3.0.15|>=3.1.0,<3.1.4

    Reported by:
    FriendsOfPHP/security-advisories

  • Direct access of prefixed controller actions

    Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.99|>=2.3.0,<2.3.99|>=2.4.0,<2.4.99|>=2.5.0,<2.5.9|>=2.6.0,<2.6.11|>=2.7.0,<2.7.2

    Reported by:
    FriendsOfPHP/security-advisories

  • Denial of Service attack through XML payloads

    Affected version: >=3.0.0,<3.0.6|>=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.99|>=2.3.0,<2.3.99|>=2.4.0,<2.4.99|>=2.5.0,<2.5.90|>=2.6.0,<2.6.6

    Reported by:
    FriendsOfPHP/security-advisories