CVE-2016-4793

The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.

Date published : 2017-01-23

http://www.securityfocus.com/bid/95846

https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html