Cakephp: >> Cakephp >> 1.1.7.3363 Security Vulnerabilities
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
CVSS Score
7.5
EPSS Score
0.092
Published
2017-01-23
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
CVSS Score
5.0
EPSS Score
0.069
Published
2006-09-27