Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2015-8379
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-26 Jan, 2016 | 19:59
Updated At-12 Apr, 2025 | 10:46

CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
cakephp
cakephp
>>cakephp>>2.0.0
cpe:2.3:a:cakephp:cakephp:2.0.0:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.0.0
cpe:2.3:a:cakephp:cakephp:2.0.0:alpha:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.0.0
cpe:2.3:a:cakephp:cakephp:2.0.0:beta:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.0.0
cpe:2.3:a:cakephp:cakephp:2.0.0:dev:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.0.0
cpe:2.3:a:cakephp:cakephp:2.0.0:rc1:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.0.0
cpe:2.3:a:cakephp:cakephp:2.0.0:rc2:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.0.0
cpe:2.3:a:cakephp:cakephp:2.0.0:rc3:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.0.1
cpe:2.3:a:cakephp:cakephp:2.0.1:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.0.2
cpe:2.3:a:cakephp:cakephp:2.0.2:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.0.3
cpe:2.3:a:cakephp:cakephp:2.0.3:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.0.4
cpe:2.3:a:cakephp:cakephp:2.0.4:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.0.5
cpe:2.3:a:cakephp:cakephp:2.0.5:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.0.6
cpe:2.3:a:cakephp:cakephp:2.0.6:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.1.0
cpe:2.3:a:cakephp:cakephp:2.1.0:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.1.0
cpe:2.3:a:cakephp:cakephp:2.1.0:alpha:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.1.0
cpe:2.3:a:cakephp:cakephp:2.1.0:beta:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.1.0
cpe:2.3:a:cakephp:cakephp:2.1.0:rc1:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.1.1
cpe:2.3:a:cakephp:cakephp:2.1.1:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.1.2
cpe:2.3:a:cakephp:cakephp:2.1.2:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.1.3
cpe:2.3:a:cakephp:cakephp:2.1.3:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.1.4
cpe:2.3:a:cakephp:cakephp:2.1.4:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.1.5
cpe:2.3:a:cakephp:cakephp:2.1.5:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.0
cpe:2.3:a:cakephp:cakephp:2.2.0:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.0
cpe:2.3:a:cakephp:cakephp:2.2.0:beta:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.0
cpe:2.3:a:cakephp:cakephp:2.2.0:rc1:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.0
cpe:2.3:a:cakephp:cakephp:2.2.0:rc2:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.1
cpe:2.3:a:cakephp:cakephp:2.2.1:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.2
cpe:2.3:a:cakephp:cakephp:2.2.2:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.3
cpe:2.3:a:cakephp:cakephp:2.2.3:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.4
cpe:2.3:a:cakephp:cakephp:2.2.4:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.5
cpe:2.3:a:cakephp:cakephp:2.2.5:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.6
cpe:2.3:a:cakephp:cakephp:2.2.6:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.7
cpe:2.3:a:cakephp:cakephp:2.2.7:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.8
cpe:2.3:a:cakephp:cakephp:2.2.8:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.2.9
cpe:2.3:a:cakephp:cakephp:2.2.9:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.0
cpe:2.3:a:cakephp:cakephp:2.3.0:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.0
cpe:2.3:a:cakephp:cakephp:2.3.0:beta:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.0
cpe:2.3:a:cakephp:cakephp:2.3.0:rc1:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.0
cpe:2.3:a:cakephp:cakephp:2.3.0:rc2:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.1
cpe:2.3:a:cakephp:cakephp:2.3.1:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.2
cpe:2.3:a:cakephp:cakephp:2.3.2:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.3
cpe:2.3:a:cakephp:cakephp:2.3.3:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.4
cpe:2.3:a:cakephp:cakephp:2.3.4:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.5
cpe:2.3:a:cakephp:cakephp:2.3.5:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.6
cpe:2.3:a:cakephp:cakephp:2.3.6:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.7
cpe:2.3:a:cakephp:cakephp:2.3.7:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.8
cpe:2.3:a:cakephp:cakephp:2.3.8:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.9
cpe:2.3:a:cakephp:cakephp:2.3.9:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.3.10
cpe:2.3:a:cakephp:cakephp:2.3.10:*:*:*:*:*:*:*
cakephp
cakephp
>>cakephp>>2.4.0
cpe:2.3:a:cakephp:cakephp:2.4.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bakery.cakephp.org/2015/11/29/cakephp_315_released.htmlcve@mitre.org
Vendor Advisory
http://blog.mindedsecurity.com/2016/01/request-parameter-method-may-lead-to.htmlcve@mitre.org
Exploit
http://karmainsecurity.com/KIS-2016-01cve@mitre.org
Exploit
http://packetstormsecurity.com/files/135301/CakePHP-3.2.0-CSRF-Bypass.htmlcve@mitre.org
Exploit
http://seclists.org/fulldisclosure/2016/Jan/42cve@mitre.org
Exploit
http://www.securityfocus.com/archive/1/537317/100/0/threadedcve@mitre.org
N/A
https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0cve@mitre.org
Patch
http://bakery.cakephp.org/2015/11/29/cakephp_315_released.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://blog.mindedsecurity.com/2016/01/request-parameter-method-may-lead-to.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://karmainsecurity.com/KIS-2016-01af854a3a-2127-422b-91ae-364da2661108
Exploit
http://packetstormsecurity.com/files/135301/CakePHP-3.2.0-CSRF-Bypass.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://seclists.org/fulldisclosure/2016/Jan/42af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.securityfocus.com/archive/1/537317/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0af854a3a-2127-422b-91ae-364da2661108
Patch
Change History
0Changes found
Details not found