GMS-2023-67: CakePHP allows direct access of prefixed controller actions
Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters.
References
- bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html
- github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-08-06.yaml
- github.com/advisories/GHSA-6hg4-vp5q-47mw
- github.com/cakephp/cakephp/commit/056f24a77428ad35e23cab6840a72b7c25c4ccc0
- github.com/cakephp/cakephp/releases/tag/2.5.9
- github.com/cakephp/cakephp/releases/tag/2.6.11
- github.com/cakephp/cakephp/releases/tag/2.7.2
Detect and mitigate GMS-2023-67 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →