Cakefoundation Cakephp vulnerabilities
3 known vulnerabilities affecting cakefoundation/cakephp.
Total CVEs: 3
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2020-15400 | MEDIUM | CVSS 4.3 | CWE-79 | fixed in 4.0.6 | 2020-06-30
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
Source: NVD
CVE-2012-4399 | HIGH | CVSS 7.5 | CWE-611 | PoC | ≥ 2.1.0, < 2.1.5; ≥ 2.2.0, < 2.2.1 | 2012-10-09
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Source: NVD
CVE-2010-4335 | HIGH | CVSS 7.5 | CWE-20 | PoC | v1.3.0 | 2011-01-14
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary loc
Source: NVD