VYPR
High severity7.5NVD Advisory· Published Jan 23, 2017· Updated Jun 17, 2026

CVE-2016-4793

CVE-2016-4793

Description

The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cakephp/cakephpPackagist
>= 1.2.0, < 2.6.132.6.13
cakephp/cakephpPackagist
>= 2.7.0-rc1, < 2.7.112.7.11
cakephp/cakephpPackagist
>= 2.8.0-rc1, < 2.8.22.8.2
cakephp/cakephpPackagist
>= 3.0.0-rc1, < 3.0.173.0.17
cakephp/cakephpPackagist
>= 3.1.0-beta1, < 3.1.123.1.12
cakephp/cakephpPackagist
>= 3.2.0-rc1, < 3.2.53.2.5

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.