CVE-2015-8379

Cross-Site Request Forgery (CSRF) in packagist/cakephp/cakephp

Identifiers

GHSA-556q-h4vr-pgh2, CVE-2015-8379

Package Slug

packagist/cakephp/cakephp

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.

Affected Versions

All versions starting from 2.0.0-alpha before 3.1.5

Solution

Upgrade to version 3.1.5 or above.

Last Modified

2023-01-16

source