Описание
CakePHP SecurityComponent cross form submission issue
Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues.
Пакеты
Наименование
cakephp/cakephp
composer
Затронутые версииВерсия исправления
>= 2.0.0, < 2.4.8
2.4.8
Наименование
cakephp/cakephp
composer
Затронутые версииВерсия исправления
>= 1.3.0, < 1.3.18
1.3.18