CVE-2015-8379

HIGH

CakePHP 2.x and 3.x < 3.1.5 - Cross-Site Request Forgery Bypass via _method Parameter

Title source: llm
STIX 2.1

Description

CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.

Scores

CVSS v3 8.8
EPSS 0.0140
EPSS Percentile 69.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (35)
cakephp/cakephp 2.0.0 (7 CPE variants)
cakephp/cakephp 2.0.1
cakephp/cakephp 2.0.2
cakephp/cakephp 2.0.3
cakephp/cakephp 2.0.4
cakephp/cakephp 2.0.5
cakephp/cakephp 2.0.6
cakephp/cakephp 2.1.0 (4 CPE variants)
cakephp/cakephp 2.1.1
cakephp/cakephp 2.1.2
... and 25 more
Published Jan 26, 2016
Tracked Since Feb 18, 2026