Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
packagist cakephp/cakephp Security Advisories
Loading...
Moderate
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS14d2hqLXBxY2ctOHJjcs4AAxHB
CakePHP vulnerable to Cross-site Scripting in some development error pagesEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1wNzZmLXdyMjItNHJ2Ns4AAxHA
CakePHP vulnerable to Remote File Inclusion through View template name manipulationEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS02aGc0LXZwNXEtNDdtd84AAxG_
CakePHP allows direct access of prefixed controller actionsEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
High
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1xNzltLWM1NDYtMmc2M84AAxG-
CakePHP vulnerable to Denial of Service attack through XML payloadsEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1qOXEyLWY5cTctamhncc4AAxG9
CakePHP SecurityComponent cross form submission issueEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS04MjlxLXY1ZzgtaGh4Y84AAxG6
CakePHP has incorrect Cross-Site Request Forgery validationEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
Critical
Ecosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS02ZzhxLXFmcHYtNTd3cM4AAxFy
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injectionEcosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Published: 11 months ago
High
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS05cGd4LXBmMzYtdzQ2cs4AAnV9
CakePHP allows method override parameters to bypass CSRF checksEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1nMnZ4LTh2NDctNHZoaM4AAgCu
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary codeEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1yN3A2LWZyM3gtcjg3N84AAfus
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php fileEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS01OTY0LXBxOHItNHE2Ms4AAfIB
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity referencesEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS01NTZxLWg0dnItcGdoMs4AAV_g
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameterEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1qOHAzLThtNjktMmhxcc4AAVTw
CakePHP allows remote attackers to spoof their IPEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1ydzczLXhtcHYtajV4Ms2NbQ
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary filesEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS12YzI5LW12d3Ytd3Bjcc2KDg
Cross-site scripting (XSS) vulnerability in CakePHPEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: almost 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozM2otZmcyZy1tY3Yy
Cross-Site Request Forgery in CakePHPEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFocngtaGNtNi1wbXJ3
Unsafe deserialization in SmtpTransport in CakePHPEcosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: about 4 years ago
Filter by Severity
Filter by Ecosystem
Filter by Package
pimcore/pimcore
118
moodle/moodle
116
magento/community-edition
113
microweber/microweber
87
thorsten/phpmyfaq
68
dolibarr/dolibarr
53
typo3/cms-core
50
librenms/librenms
49
shopware/platform
43
phpmyadmin/phpmyadmin
43
showdoc/showdoc
40
baserproject/basercms
39
concrete5/concrete5
39
symfony/symfony
37
craftcms/cms
34
typo3/cms
33
snipe/snipe-it
32
shopware/core
32
intelliants/subrion
29
froxlor/froxlor
27
shopware/shopware
26
prestashop/prestashop
22
silverstripe/framework
22
remdex/livehelperchat
22
nilsteampassnet/teampass
22
centreon/centreon
21
pocketmine/pocketmine-mp
21
grumpydictator/firefly-iii
20
drupal/core
20
tribalsystems/zenario
18
getkirby/cms
18
mautic/core
18
cakephp/cakephp
17
getgrav/grav
17
yetiforce/yetiforce-crm
16
cockpit-hq/cockpit
16
francoisjacquet/rosariosis
16
forkcms/forkcms
15
ezsystems/ezpublish-kernel
13
openmage/magento-lts
13
wallabag/wallabag
13
october/system
13
lavalite/cms
12
phpmailer/phpmailer
12
impresscms/impresscms
12
feehi/feehicms
11
contao/core-bundle
11
feehi/cms
11
topthink/framework
11
elefant/cms
11
admidio/admidio
10
laravel/framework
10
smarty/smarty
10
silverstripe/cms
10
funadmin/funadmin
9
ezsystems/ezplatform-kernel
9
ssddanbrown/bookstack
9
studio-42/elfinder
9
october/cms
9
alextselegidis/easyappointments
9
sylius/sylius
9
concrete5/core
9
kevinpapst/kimai2
9
codeigniter4/framework
9
dompdf/dompdf
8
simplesamlphp/simplesamlphp
8
wwbn/avideo
8
facturascripts/facturascripts
8
october/october
8
zendframework/zendframework
8
croogo/croogo
7
october/backend
7
tinymce
7
tinymce/tinymce
7
TinyMCE
7
flarum/core
6
backdrop/backdrop
6
silverstripe/admin
6
vrana/adminer
6
statamic/cms
6
pagekit/pagekit
6
yiisoft/yii2
6
sulu/sulu
6
silverstripe/graphql
6
nystudio107/craft-seomatic
6
pimcore/customer-management-framework-bundle
6
guzzlehttp/guzzle
6
pimcore/admin-ui-classic-bundle
6
symfony/security-http
6
pterodactyl/panel
6
billz/raspap-webgui
5
cachethq/cachet
5
composer/composer
5
gugoan/economizzer
5
directmailteam/direct-mail
5
bolt/bolt
5
phpxmlrpc/phpxmlrpc
5
dweeves/magmi
5
pear/archive_tar
5
in2code/femanager
5
symfony/http-foundation
5
yourls/yourls
5
drupal/drupal
5
bottelet/flarepoint
5
gilacms/gila
5
codeigniter4/shield
4
enshrined/svg-sanitize
4
elgg/elgg
4
typo3/html-sanitizer
4
ezsystems/ezplatform-admin-ui
4
nukeviet/nukeviet
4
oro/commerce
4
notrinos/notrinos-erp
4
zendframework/zendframework1
4
idno/known
4
symfony/http-kernel
4
ibexa/core
4
bytefury/crater
4
oro/platform
4
phpservermon/phpservermon
4
froala/wysiwyg-editor
3
facade/ignition
3
zencart/zencart
3
symfony/security
3
typo3/cms-form
3
yiisoft/yii2-dev
3
spatie/browsershot
3
opencart/opencart
3
phpbb/phpbb
3
wintercms/winter
3
prestashop/productcomments
3
phpoffice/phpspreadsheet
3
zendframework/zendservice-windowsazure
3
illuminate/database
3
zendframework/zendservice-amazon
3
uvdesk/community-skeleton
3
zendframework/zendservice-api
3
sylius/resource-bundle
3
zendframework/zendrest
3
zendframework/zendservice-nirvanix
3
zendframework/zendservice-technorati
3
zendframework/zendservice-slideshare
3
zendframework/zendservice-audioscrobbler
3
zendframework/zendopenid
3
codeigniter/framework
3
artesaos/seotools
3
phpseclib/phpseclib
3
silverstripe/assets
3
anchorcms/anchor-cms
3
twig/twig
3
icecoder/icecoder
3
shopware/storefront
3
rudloff/alltube
3
joomla/joomla-cms
3
shopxo/shopxo
3
modx/revolution
3
limesurvey/limesurvey
3
verot/class.upload.php
2
ether/logs
2
buddypress/buddypress
2
privatebin/privatebin
2
athlon1600/php-proxy
2
github.com/protocolbuffers/protobuf
2
exceedone/laravel-admin
2
codiad/codiad
2
azuracast/azuracast
2
ezsystems/ezplatform-rest
2
yoast-seo-for-typo3/yoast_seo
2
miniorange/miniorange-saml
2
topthink/think
2
spipu/html2pdf
2
exceedone/exment
2
adodb/adodb-php
2
t3/dce
2
typo3/phar-stream-wrapper
2
laravel/laravel
2
prestashop/blockreassurance
2
getkirby/panel
2
tpwd/ke_search
2
sabre/dav
2
yiisoft/yii2-gii
2
cecil/cecil
2
pyrocms/pyrocms
2
badaso/core
2
noumo/easyii
2
symfony/security-bundle
2
react/http
2
appwrite/server-ce
2
ibexa/admin-ui
2
mantisbt/mantisbt
2
symfony/framework-bundle
2
sylius/grid-bundle
2
symfony/cache
2
processwire/processwire
2
simplesamlphp/saml2
2
typo3/cms-backend
2
flarum/framework
2
october/rain
2
tikiwiki/tiki-manager
2
league/commonmark
2
unisharp/laravel-filemanager
2
google/protobuf
2
typo3fluid/fluid
2
laminas/laminas-diactoros
2
cuyz/valinor
2
athlon1600/php-proxy-app
2
kitodo/presentation
2
thinkcmf/thinkcmf
2
orchid/platform
2
kimai/kimai
2
helloxz/imgurl
2
wp-graphql/wp-graphql
2
filegator/filegator
2
neos/neos
2
s-cart/s-cart
2
apache-solr-for-typo3/solr
2
bolt/core
2
yiisoft/yii
2
squizlabs/php_codesniffer
2
guzzlehttp/psr7
2
genix/cms
2
api-platform/core
2
phpfastcache/phpfastcache
2
ptrofimov/beanstalk_console
2
packbackbooks/lti-1-3-php-library
2
evolutioncms/evolution
2
Google.Protobuf
2
erusev/parsedown
2
knplabs/knp-snappy
2
latte/latte
2
protobuf
2
munkireport/munkireport
2
munkireport/managedinstalls
2
pixelfed/pixelfed
2
automad/automad
1
neos/form
1
slub/slub-events
1
swag/paypal
1
oneup/uploader-bundle
1
userfrosting/userfrosting
1
uasoft-indonesia/badaso
1
rainlab/blog-plugin
1
symfony/var-exporter
1
sheng/yiicms
1
himiklab/yii2-jqgrid-widget
1
webklex/laravel-imap
1
webklex/php-imap
1
prestashop/autoupgrade
1
robrichards/xmlseclibs
1
webcoast/deferred-image-processing
1
derhansen/fe_change_pwd
1
localizationteam/l10nmgr
1
ecodev/newsletter
1
terminal42/contao-tablelookupwizard
1
ezsystems/ezpublish-legacy
1
ibexa/post-install
1
jsdecena/laracom
1
xataface/xataface
1
airesvsg/acf-to-rest-api
1
pegasus/google-for-jobs
1
silverstripe/silverstripe-omnipay
1
topthink/thinkphp
1
mgallegos/laravel-jqgrid
1
ezsystems/ezplatform-richtext
1
lexik/jwt-authentication-bundle
1
gleez/cms
1
xpressengine/xpressengine
1
cardgate/magento2
1
prestashop/ps_linklist
1
catfan/medoo
1
encore/laravel-admin
1
oro/customer-portal
1
phpmyfaq/phpmyfaq
1
pocketmine/raklib
1
chriskacerguis/codeigniter-restserver
1
ckeditor-dev
1
codeception/codeception
1
neoan3-apps/template
1
munkireport/comment
1
doctrine/dbal
1
yidashi/yii2cmf
1
amazing/media2click
1
symfony/serializer
1
haffner/jh_captcha
1
oxid-esales/oxideshop-ce
1
area17/twill
1
harvesthq/chosen
1
gaoming13/wechat-php-sdk
1
netgen/tagsbundle
1
hillelcoren/invoice-ninja
1
webbuilders-group/silverstripe-kapost-bridge
1
zendesk/zendesk_api_client_php
1
bagisto/bagisto
1
prestashop/ps_facetedsearch
1
darylldoyle/safe-svg
1
firebase/php-jwt
1
shopware/production
1
cosenary/instagram
1
vanilla/safecurl
1
pimcore/perspective-editor
1