Hi Balint,

On Sat, Jul 23, 2016 at 08:55:39PM +0200, Bálint Réczey wrote:
> TEMP-0000000-698CF7: cakephp: XML class SSRF vulnerability
> CVE-2015-8379: CakePHP 2.x and 3.x before 3.1.5 might allow remote
> attackers to bypass the CSRF protection mechanism via the _method
> parameter.

Since one of the issues has (and probably will never get a CVE id), I have cloned this bugreport to identify the two issues separately via the security-tracker and the bug number.

Btw, please never use TEMP-.* as identifier, it is not meant to be stable. You will see that the above is not anymore valid.

Regards,
Salvatore