Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist cakephp/cakephp Security Advisories

Loading...
High
GSA_kwCzR0hTQS01NTZxLWg0dnItcGdoMs4AAV_g
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01OTY0LXBxOHItNHE2Ms4AAfIB
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nMnZ4LTh2NDctNHZoaM4AAgCu
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS05cGd4LXBmMzYtdzQ2cs4AAnV9
CakePHP allows method override parameters to bypass CSRF checks
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yN3A2LWZyM3gtcjg3N84AAfus
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14d2hqLXBxY2ctOHJjcs4AAxHB
CakePHP vulnerable to Cross-site Scripting in some development error pages
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wNzZmLXdyMjItNHJ2Ns4AAxHA
CakePHP vulnerable to Remote File Inclusion through View template name manipulation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS02aGc0LXZwNXEtNDdtd84AAxG_
CakePHP allows direct access of prefixed controller actions
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1xNzltLWM1NDYtMmc2M84AAxG-
CakePHP vulnerable to Denial of Service attack through XML payloads
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qOXEyLWY5cTctamhncc4AAxG9
CakePHP SecurityComponent cross form submission issue
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04MjlxLXY1ZzgtaGh4Y84AAxG6
CakePHP has incorrect Cross-Site Request Forgery validation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02ZzhxLXFmcHYtNTd3cM4AAxFy
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Ecosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1qOHAzLThtNjktMmhxcc4AAVTw
CakePHP allows remote attackers to spoof their IP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12YzI5LW12d3Ytd3Bjcc2KDg
Cross-site scripting (XSS) vulnerability in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozM2otZmcyZy1tY3Yy
Cross-Site Request Forgery in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ydzczLXhtcHYtajV4Ms2NbQ
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFocngtaGNtNi1wbXJ3
Unsafe deserialization in SmtpTransport in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: over 3 years ago
Filter by Severity
Moderate 5,145 High 4,556 Critical 2,099 Low 676
Filter by Ecosystem
maven 3,859 npm 3,126 pypi 2,605 packagist 1,696 go 1,243 nuget 939 rubygems 711 cargo 640 hex 21 actions 10 pub 5
Filter by Package
pimcore/pimcore 100 microweber/microweber 75 thorsten/phpmyfaq 54 moodle/moodle 53 shopware/platform 41 typo3/cms-core 39 showdoc/showdoc 36 shopware/core 32 librenms/librenms 31 snipe/snipe-it 29 concrete5/concrete5 27 craftcms/cms 24 dolibarr/dolibarr 22 remdex/livehelperchat 22 typo3/cms 19 froxlor/froxlor 19 mautic/core 18 pocketmine/pocketmine-mp 18 shopware/shopware 18 silverstripe/framework 18 baserproject/basercms 17 cakephp/cakephp 17 yetiforce/yetiforce-crm 16 drupal/core 16 grumpydictator/firefly-iii 15 francoisjacquet/rosariosis 15 nilsteampassnet/teampass 15 symfony/symfony 14 tribalsystems/zenario 13 ezsystems/ezpublish-kernel 12 phpmailer/phpmailer 12 getkirby/cms 12 openmage/magento-lts 12 forkcms/forkcms 12 getgrav/grav 12 feehi/feehicms 11 intelliants/subrion 11 prestashop/prestashop 10 contao/core-bundle 10 october/system 10 centreon/centreon 9 concrete5/core 9 kevinpapst/kimai2 9 ssddanbrown/bookstack 8 ezsystems/ezplatform-kernel 8 funadmin/funadmin 8 topthink/framework 8 alextselegidis/easyappointments 8 codeigniter4/framework 8 sylius/sylius 8 wwbn/avideo 8 elefant/cms 8 facturascripts/facturascripts 8 impresscms/impresscms 8 october/backend 7 october/cms 7 feehi/cms 7 magento/community-edition 7 laravel/framework 7 smarty/smarty 7 wallabag/wallabag 7 backdrop/backdrop 6 dompdf/dompdf 6 simplesamlphp/simplesamlphp 6 guzzlehttp/guzzle 6 phpmyadmin/phpmyadmin 6 pterodactyl/panel 6 flarum/core 5 vrana/adminer 5 phpxmlrpc/phpxmlrpc 5 sulu/sulu 5 symfony/http-foundation 5 lavalite/cms 5 yourls/yourls 5 bottelet/flarepoint 5 symfony/security-http 5 enshrined/svg-sanitize 4 pimcore/customer-management-framework-bundle 4 pear/archive_tar 4 directmailteam/direct-mail 4 cockpit-hq/cockpit 4 bolt/bolt 4 ezsystems/ezplatform-admin-ui 4 in2code/femanager 4 nukeviet/nukeviet 4 pagekit/pagekit 4 cachethq/cachet 4 notrinos/notrinos-erp 4 idno/known 4 symfony/http-kernel 4 tinymce 4 TinyMCE 4 tinymce/tinymce 4 bytefury/crater 4 phpoffice/phpspreadsheet 3 typo3/cms-form 3 elgg/elgg 3 spatie/browsershot 3 silverstripe/admin 3 prestashop/productcomments 3 illuminate/database 3 uvdesk/community-skeleton 3 sylius/resource-bundle 3 nystudio107/craft-seomatic 3 ibexa/core 3 silverstripe/assets 3 symfony/security 3 composer/composer 3 twig/twig 3 icecoder/icecoder 3 rudloff/alltube 3 shopware/storefront 3 oro/platform 3 silverstripe/graphql 3 facade/ignition 3 limesurvey/limesurvey 3 gilacms/gila 3 shopxo/shopxo 2 studio-42/elfinder 2 protobuf 2 github.com/protocolbuffers/protobuf 2 Google.Protobuf 2 com.google.protobuf:protobuf-parent 2 google/protobuf 2 verot/class.upload.php 2 typo3/html-sanitizer 2 badaso/core 2 ether/logs 2 wintercms/winter 2 opencart/opencart 2 silverstripe/cms 2 dweeves/magmi 2 phpfastcache/phpfastcache 2 appwrite/server-ce 2 ibexa/admin-ui 2 symfony/cache 2 buddypress/buddypress 2 symfony/security-bundle 2 yoast-seo-for-typo3/yoast_seo 2 exceedone/exment 2 billz/raspap-webgui 2 exceedone/laravel-admin 2 miniorange/miniorange-saml 2 october/october 2 laravel/laravel 2 yiisoft/yii2-dev 2 topthink/think 2 ezsystems/ezplatform-rest 2 neos/neos 2 s-cart/s-cart 2 azuracast/azuracast 2 bolt/core 2 erusev/parsedown 2 anchorcms/anchor-cms 2 guzzlehttp/psr7 2 croogo/croogo 2 squizlabs/php_codesniffer 2 codeigniter4/shield 2 ptrofimov/beanstalk_console 2 symfony/framework-bundle 2 modx/revolution 2 latte/latte 2 oro/commerce 2 processwire/processwire 2 noumo/easyii 2 typo3/cms-backend 2 drupal/drupal 2 october/rain 2 getkirby/panel 2 react/http 2 privatebin/privatebin 2 unisharp/laravel-filemanager 2 league/commonmark 2 pixelfed/pixelfed 2 aheinze/cockpit 2 api-platform/core 2 typo3fluid/fluid 2 laminas/laminas-diactoros 2 admidio/admidio 2 packbackbooks/lti-1-3-php-library 2 cuyz/valinor 2 phpseclib/phpseclib 2 yiisoft/yii2-gii 2 codiad/codiad 2 helloxz/imgurl 2 filegator/filegator 2 joomla/archive 1 harvesthq/chosen 1 livehelperchat/livehelperchat 1 simplesamlphp/simplesamlphp-module-openid 1 spipu/html2pdf 1 vova07/yii2-fileapi-widget 1 vanilla/safecurl 1 pimcore/perspective-editor 1 xataface/xataface 1 contao/managed-edition 1 litespeed.js 1 pear/crypt_gpg 1 laravel/fortify 1 sabberworm/php-css-parser 1 web-auth/webauthn-framework 1 phpmussel/phpmussel 1 ectouch/ectouch 1 php-mod/curl 1 hillelcoren/invoice-ninja 1 orchid/platform 1 neorazorx/facturascripts 1 personnummer/personnummer 1 Sylius/Sylius 1 sylius/grid-bundle 1 laminas/laminas-form 1 ibexa/post-install 1 silverstripe/hybridsessions 1 matyhtf/framework 1 yiisoft/yii 1 melisplatform/melis-front 1 melisplatform/melis-cms 1 bmarshall511/wordpress_zero_spam 1 statamic/cms 1 yeswiki/yeswiki 1 jsdecena/laracom 1 ezsystems/ezpublish-legacy 1 librenms/librenms/ 1 pimcore/data-hub 1 fenom/fenom 1 webcoast/deferred-image-processing 1 prestashop/gamification 1 bootstrap-3-typeahead 1 bassjobsen/bootstrap-3-typeahead 1 wpanel/wpanel4-cms 1 ecodev/newsletter 1 pwweb/laravel-core 1 silverstripe/subsites 1 sitegeist/fluid-components 1 area17/twill 1 genix/cms 1 ibexa/user 1 terminal42/contao-tablelookupwizard 1 mediawiki/matomo 1 luyadev/yii-helpers 1 tastyigniter/tastyigniter 1 prestashop/ps_facetedsearch 1 mantisbt/mantisbt 1 s-cart/core 1 wp-graphql/wp-graphql 1 netgen/tagsbundle 1 gaoming13/wechat-php-sdk 1 innologi/typo3-appointments 1 adodb/adodb-php 1 fixpunkt/fp-masterquiz 1 silverstripe/versioned-admin 1 DotNetCasClient 1 flarum/tags 1 jasig/phpcas 1 zendframework/zend-http 1 org.jasig.cas:cas-client 1 mojo42/jirafeau 1 apereo/phpcas 1 lms/routes 1 phpunit/phpunit 1 arc/web 1 brotkrueml/schema 1 brotkrueml/typo3-matomo-integration 1 topthink/thinkphp 1 userfrosting/userfrosting 1 sylius/paypal-plugin 1 krayin/laravel-crm 1 fixpunkt/fp-newsletter 1 silverstripe/silverstripe-omnipay 1 symfony/security-guard 1 gos/web-socket-bundle 1 symfont/process 1 symfony/serializer 1 marcwillmann/turn 1 codeception/codeception 1 cakephp/database 1 simplito/elliptic-php 1 liftkit/database 1 simplesamlphp/simplesamlphp-module-openidprovider 1 bagisto/bagisto 1 cesnet/simplesamlphp-module-proxystatistics 1 symfony/mime 1 mittwald/typo3_forum 1 zendframework/zend-feed 1 zendframework/zend-diactoros 1 ezsystems/ezplatform 1 ezsystems/ezplatform-graphql 1 kitodo/presentation 1 phpservermon/phpservermon 1 doctrine/dbal 1 barrelstrength/sprout-base-email 1 contao/contao 1 barrelstrength/sprout-forms 1 knplabs/knp-snappy 1 neoan3-apps/template 1 himiklab/yii2-jqgrid-widget 1 in2code/lux 1 bk2k/bootstrap-package 1 phpmyfaq/phpmyfaq 1 gree/jose 1