CRITICAL 9.8 CVE-2023-22727 CakePHP Database\Query::offset() and limit() methods are vulnerable to SQL injection
>= 4.2.0, < 4.2.12
HIGH 8.8 CVE-2020-35239 CakePHP allows method override parameters to bypass CSRF checks
>= 4.0.0, < 4.0.10
HIGH 8.8 CVE-2015-8379 CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
>= 2.0.0-alpha, < 3.1.5
HIGH 7.5 CakePHP allows remote attackers to read arbitrary files via XML data containing external entity references
>= 2.1.0-alpha, < 2.1.5
HIGH 7.5 CakePHP allows remote attackers to spoof their IP
>= 1.2.0, < 2.6.13
HIGH 7.5 Unsafe deserialization in SmtpTransport in CakePHP
>= 3.0.0, < 3.5.18
MEDIUM 6.5 Cross-site scripting (XSS) vulnerability in CakePHP
>= 1.0.1.2708, < 1.1.7.3363
MEDIUM 5.4 CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site scripting
>= 5.2.10, < 5.2.12
MEDIUM 4.3 Cross-Site Request Forgery in CakePHP
>= 4.0.0, < 4.0.6
— CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
>= 1.2.8, < 1.3.6
— CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
>= 1.3.7, < 1.3.8
— CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files
>= 1.0.1.2708, < 1.1.8.3544