Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

PHP Framework

CakePHP

CakePHP is an open-source web framework. It follows the model and controller (MVC) approach and is written in PHP modeled after the concepts of Ruby on Rails and distributed under the MIT License.

Official Site:

https://cakephp.org/

Severity Summary:

Critical: 1 High: 5 Medium: 5
Reference
Title
Severity
CVE-2023-22727
CakePHP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2019-11458
CakePHP Deserialization of Untrusted Data Vulnerability
High
CVE-2016-4793
CakePHP Improper Input Validation Vulnerability
High
CVE-2020-35239
CakePHP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2010-4335
CakePHP Improper Input Validation Vulnerability
High
CVE-2015-8379
CakePHP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2020-15400
CakePHP Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2012-4399
CakePHP Permissions Privileges and Access Controls Vulnerability
Medium
CVE-2011-3712
CakePHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2006-5031
CakePHP Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2006-4067
CakePHP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium