Description
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Unspecified Vulnerability (2.6.21)
Atlassian Jira CVE-2019-20402 Vulnerability (CVE-2019-20402)
WordPress Plugin WP-Members Membership Cross-Site Request Forgery (3.2.7)
WordPress Plugin Windows Desktop and iPhone Photo Uploader Arbitrary File Upload (1.8)
WordPress Plugin link-list-manager Cross-Site Scripting (1.0)