Cakephp: >> Cakephp >> 1.3.7 Security Vulnerabilities
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
CVSS Score
7.5
EPSS Score
0.092
Published
2017-01-23
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.
CVSS Score
5.0
EPSS Score
0.003
Published
2011-09-23