Description
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
Remediation
References
Related Vulnerabilities
XWikiplatform Missing Authorization Vulnerability (CVE-2024-31987)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3530)
Phusion Passenger Other Vulnerability (CVE-2014-1831)
WordPress Plugin Church Admin Cross-Site Scripting (0.856)
WordPress Plugin Clean Login Cross-Site Scripting (1.12.6.3)