CVE-2015-8379
Cross-Site Request Forgery (CSRF) in packagist/cakephp/cakephp
Identifiers
GHSA-556q-h4vr-pgh2, CVE-2015-8379
Package Slug
packagist/cakephp/cakephp
Vulnerability
Cross-Site Request Forgery (CSRF)
Description
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
Affected Versions
All versions starting from 2.0.0-alpha before 3.1.5
Solution
Upgrade to version 3.1.5 or above.
Last Modified
2023-01-16
| source |