← back
CVE-2016-4793

CVE-2016-4793

EPSS 5.1%
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/39813/unverifiedexploitdbwww.exploit-db.com/exploits/39813unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txthttps://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.htmlhttps://support.citrix.com/article/CTX236992https://www.exploit-db.com/exploits/39813/http://www.securityfocus.com/bid/95846