pkg:Packagist/cakephp/cakephp

12 CVEs in total: CRITICAL 1, HIGH 5, MEDIUM 3

✅ Check your version

All known vulnerabilities

  • CRITICAL 9.8 CVE-2023-22727: CakePHP Database\Query::offset() and limit() methods are vulnerable to SQL injection
    >= 4.2.0, < 4.2.12
  • HIGH 8.8 CVE-2020-35239: CakePHP allows method override parameters to bypass CSRF checks
    >= 4.0.0, < 4.0.10
  • HIGH 8.8 CVE-2015-8379: CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
    >= 2.0.0-alpha, < 3.1.5
  • HIGH 7.5 CVE-2012-4399: CakePHP allows remote attackers to read arbitrary files via XML data containing external entity references
    >= 2.1.0-alpha, < 2.1.5
  • HIGH 7.5 CVE-2016-4793: cakephp - security update
    >= 1.2.0, < 2.6.13
  • HIGH 7.5 CVE-2019-11458: Unsafe deserialization in SmtpTransport in CakePHP
    >= 3.0.0, < 3.5.18
  • MEDIUM 6.5 CVE-2006-4067: Cross-site scripting (XSS) vulnerability in CakePHP
    >= 1.0.1.2708, < 1.1.7.3363
  • MEDIUM 5.4 CVE-2026-23643: CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting
    >= 5.2.10, < 5.2.12
  • MEDIUM 4.3 CVE-2020-15400: Cross-Site Request Forgery in CakePHP
    >= 4.0.0, < 4.0.6
  • CVE-2010-4335: CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
    >= 1.2.8, < 1.3.6
  • CVE-2011-3712: CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
    >= 1.3.7, < 1.3.8
  • CVE-2006-5031: CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files
    >= 1.0.1.2708, < 1.1.8.3544