Description
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Analytics Dashboard Cross-Site Scripting (2.1.1)
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-23620)
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2023-5678)
WordPress Plugin Tickera-WordPress Event Ticketing Unspecified Vulnerability (3.4.6.7)