[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability

Posted by Egidio Romano on Jan 15

-------------------------------------------------------------------
CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability
-------------------------------------------------------------------

[-] Software Link:

http://cakephp.org

[-] Affected Versions:

Version 3.2.0 RC1 and prior 3.x versions.
Version 2.8.0 RC1 and prior 2.x versions.

[-] Vulnerability Description:

CakePHP provides some built-in security features…
