Description

The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.

Remediation

References

CVE-2016-4793

Related Vulnerabilities

WordPress Plugin WP-Client Lite::Client Portals, File Sharing, Messaging & Invoicing Local File Inclusion (1.1.1)

WordPress Plugin Answer My Question SQL Injection (1.3)

WordPress Plugin WP Support Plus Responsive Ticket System Privilege Escalation (7.1.4)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4986)

CakePHP Improper Input Validation Vulnerability (CVE-2010-4335)

Severity

High

Classification

CVE-2016-4793 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities