Description
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| cakephp | fixed | 2.8.0-1 | | package |
| cakephp | no-dsa | | jessie | package |
| cakephp | not-affected | | wheezy | package |
Notes
http://karmainsecurity.com/KIS-2016-01
https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0
EPSS
Percentile: 16%
0.00051
Low
Related vulnerabilities
CVSS3: 8.8
ubuntu
about 10 years ago
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
CVSS3: 8.8
nvd
about 10 years ago
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
CVSS3: 8.8
github
more than 3 years ago
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter