WEB APPLICATION VULNERABILITIES Standard & Premium

CakePHP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8379)

Description

CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.

Remediation

References

Related Vulnerabilities

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5624)

Joomla Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-5671)

WordPress Plugin TinyMCE Advanced Cross-Site Request Forgery (4.1)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31545)

Envoy Proxy Use After Free Vulnerability (CVE-2023-35943)

Severity

High

Classification

CVE-2015-8379 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities