CVE-2015-8379

CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.

Date published : 2016-01-26

http://www.securityfocus.com/archive/1/537317/100/0/threaded

http://bakery.cakephp.org/2015/11/29/cakephp_315_released.html