GHSA-556q-h4vr-pgh2, CVE-2015-8379
packagist/cakephp/cakephp
Cross-Site Request Forgery (CSRF)
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
All versions starting from 2.0.0-alpha before 3.1.5
Upgrade to version 3.1.5 or above.
2023-01-16
source |