SSD Advisory – CakePHP Multiple Vulnerabilities

Vulnerability Description The following advisory describes two (2) different vulnerabilities. One related to CakePHP framework and the other in a product that uses the CakePHP framework: CakePHP Arbitrary Source Address Spoofing Croogo ACL Bypass Credit An independent security researcher Dawid Golunski ( has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program