Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist cakephp/cakephp Security Advisories

Browse all Security Advisories for packagist cakephp/cakephp

Loading...
Moderate
GSA_kwCzR0hTQS14d2hqLXBxY2ctOHJjcs4AAxHB
CakePHP vulnerable to Cross-site Scripting in some development error pages
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wNzZmLXdyMjItNHJ2Ns4AAxHA
CakePHP vulnerable to Remote File Inclusion through View template name manipulation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02aGc0LXZwNXEtNDdtd84AAxG_
CakePHP allows direct access of prefixed controller actions
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xNzltLWM1NDYtMmc2M84AAxG-
CakePHP vulnerable to Denial of Service attack through XML payloads
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qOXEyLWY5cTctamhncc4AAxG9
CakePHP SecurityComponent cross form submission issue
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04MjlxLXY1ZzgtaGh4Y84AAxG6
CakePHP has incorrect Cross-Site Request Forgery validation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02ZzhxLXFmcHYtNTd3cM4AAxFy
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Ecosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05cGd4LXBmMzYtdzQ2cs4AAnV9
CakePHP allows method override parameters to bypass CSRF checks
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nMnZ4LTh2NDctNHZoaM4AAgCu
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yN3A2LWZyM3gtcjg3N84AAfus
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01OTY0LXBxOHItNHE2Ms4AAfIB
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS01NTZxLWg0dnItcGdoMs4AAV_g
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qOHAzLThtNjktMmhxcc4AAVTw
CakePHP allows remote attackers to spoof their IP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ydzczLXhtcHYtajV4Ms2NbQ
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12YzI5LW12d3Ytd3Bjcc2KDg
Cross-site scripting (XSS) vulnerability in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozM2otZmcyZy1tY3Yy
Cross-Site Request Forgery in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFocngtaGNtNi1wbXJ3
Unsafe deserialization in SmtpTransport in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: almost 5 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 2
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
moodle/moodle 367 magento/community-edition 235 typo3/cms 174 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 thorsten/phpmyfaq 70 symfony/symfony 69 concrete5/concrete5 60 shopware/platform 52 baserproject/basercms 47 craftcms/cms 46 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 mautic/core 37 nilsteampassnet/teampass 37 snipe/snipe-it 35 zendframework/zendframework1 34 shopware/shopware 30 getgrav/grav 29 mediawiki/core 28 centreon/centreon 27 prestashop/prestashop 26 contao/core-bundle 24 magento/core 24 zendframework/zendframework 23 grumpydictator/firefly-iii 23 simplesamlphp/simplesamlphp 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 getkirby/cms 22 tribalsystems/zenario 22 funadmin/funadmin 20 laravel/framework 20 contao/contao 19 cockpit-hq/cockpit 18 forkcms/forkcms 18 topthink/framework 18 francoisjacquet/rosariosis 17 opencart/opencart 17 symfony/security 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 genix/cms 17 typo3/cms-backend 16 phpbb/phpbb 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 16 october/system 15 ec-cube/ec-cube 15 symfony/security-http 15 smarty/smarty 15 feehi/cms 14 dompdf/dompdf 14 bolt/bolt 14 silverstripe/cms 14 phpmailer/phpmailer 14 elefant/cms 13 sylius/sylius 13 impresscms/impresscms 13 codeigniter4/framework 13 admidio/admidio 13 lavalite/cms 13 pimcore/admin-ui-classic-bundle 13 studio-42/elfinder 13 phpmyfaq/phpmyfaq 12 symfony/http-foundation 12 phpoffice/phpspreadsheet 12 wwbn/avideo 12 feehi/feehicms 11 wallabag/wallabag 11 nukeviet/nukeviet 11 ezsystems/ezplatform-kernel 11 tinymce/tinymce 11 pagekit/pagekit 11 TinyMCE 11 tinymce 11 sulu/sulu 10 yiisoft/yii2 10 ezsystems/ezpublish-legacy 10 october/october 10 ssddanbrown/bookstack 10 alextselegidis/easyappointments 9 contao/core 9 twbs/bootstrap 9 kevinpapst/kimai2 9 statamic/cms 9 concrete5/core 9 bootstrap 9 bootstrap 9 bootstrap 9 org.webjars:bootstrap 9 codiad/codiad 8 mantisbt/mantisbt 8 october/cms 8 facturascripts/facturascripts 8 gilacms/gila 8 croogo/croogo 8 twig/twig 8 pimcore/customer-management-framework-bundle 8 silverstripe/admin 8 composer/composer 8 pterodactyl/panel 8 silverstripe/graphql 8 ezsystems/ezplatform-admin-ui 8 bootstrap.sass 7 october/backend 7 symfony/http-kernel 7 wpglobus/wpglobus 7 bootstrap-sass 7 passbolt/passbolt_api 7 backdrop/backdrop 7 billz/raspap-webgui 7 flarum/core 7 oro/platform 6 nystudio107/craft-seomatic 6 in2code/femanager 6 yourls/yourls 6 bagisto/bagisto 6 yiisoft/yii2-dev 6 icecoder/icecoder 6 dweeves/magmi 6 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 guzzlehttp/guzzle 6 vrana/adminer 6 gleez/cms 6 phpseclib/phpseclib 6 pear/archive_tar 6 kimai/kimai 5 symfony/security-bundle 5 illuminate/database 5 woocommerce/woocommerce 5 neos/neos 5 symfony/security-core 5 bootstrap-sass 5 phpservermon/phpservermon 5 neos/flow 5 limesurvey/limesurvey 5 bottelet/flarepoint 5 elgg/elgg 5 phpxmlrpc/phpxmlrpc 5 gugoan/economizzer 5 typo3/cms-install 5 cachethq/cachet 5 mautic/core-lib 5 ibexa/core 5 simplesamlphp/saml2 5 silverstripe/assets 5 thinkcmf/thinkcmf 5 typo3/flow 5 codeigniter/framework 5 anchorcms/anchor-cms 5 adodb/adodb-php 4 bytefury/crater 4 codeigniter4/shield 4 ezyang/htmlpurifier 4 sylius/resource-bundle 4 bref/bref 4 notrinos/notrinos-erp 4 modx/revolution 4 magento/product-community-edition 4 appwrite/server-ce 4 shopxo/shopxo 4 idno/known 4 wintercms/winter 4 reportico-web/reportico 4 pyrocms/pyrocms 4 ezsystems/ezplatform 4 zendframework/zendopenid 4 processwire/processwire 4 shopware/storefront 4 automad/automad 4 friendsofsymfony/user-bundle 4 typo3/cms-frontend 4 wp-premium/gravityforms 4 oro/commerce 4 spatie/browsershot 4 evolutioncms/evolution 4 typo3/html-sanitizer 4 ckeditor4 3 verbb/comments 3 flarum/framework 3 joomla/joomla-cms 3 symfony/form 3 zendframework/zendservice-api 3 zendframework/zend-http 3 orchid/platform 3 enshrined/svg-sanitize 3 django-tinymce 3 joomla/framework 3 amphp/http-client 3
Filter by Repository
https://github.com/cakephp/cakephp 11