Description

CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.

Remediation

References

CVE-2015-8379

Related Vulnerabilities

WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)

WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.6.5)

WordPress Plugin Content text slider on post Cross-Site Scripting (6.8)

WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.2)

WordPress Plugin Check & Log Email SQL Injection (1.0.2)

Severity

High

Classification

CVE-2015-8379 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities