Cakephp: >> Cakephp >> 2.0.6 Security Vulnerabilities
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
CVSS Score
7.5
EPSS Score
0.092
Published
2017-01-23
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2016-01-26