cakephp/cakephp Security Advisories for 3.1.1 (5)
-
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
Affected version: >=2.0.0-alpha,<3.1.5
Reported by:
GitHub -
CakePHP allows remote attackers to spoof their IP
Affected version: >=3.2.0-rc1,<3.2.5|>=3.1.0-beta1,<3.1.12|>=3.0.0-rc1,<3.0.17|>=2.8.0-rc1,<2.8.2|>=2.7.0-rc1,<2.7.11|>=1.2.0,<2.6.13
Reported by:
GitHub -
Reported by:
GitHub -
Unsafe deserialization in SmtpTransport
Affected version: >=3.0.0,<3.5.18|>=3.6.0,<3.6.15|>=3.7.0,<3.7.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
Remote File Inclusion through View template name manipulation
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.99|>=2.3.0,<2.3.99|>=2.4.0,<2.4.99|>=2.5.0,<2.5.99|>=2.6.0,<2.6.12|>=2.7.0,<2.7.6|>=3.0.0,<3.0.15|>=3.1.0,<3.1.4
Reported by:
FriendsOfPHP/security-advisories, GitHub