CVE-2020-15400

MEDIUM4.3EPSS 0.08%

Cross-Site Request Forgery in CakePHP

Published: 2/10/2022Modified: 4/28/2026

Also known as:GHSA-j33j-fg2g-mcv2DEBIAN-CVE-2020-15400

Description

CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N