HIGH
CakePHP
CVE published 2017-01-23
CVE-2016-4793
CVE-2016-4793 is an IP-spoofing flaw in CakePHP’s clientIp() helper. On affected versions, a remote attacker can supply a CLIENT-IP header value that is treated as the client address, which can undermine IP-based security controls and audit data. The NVD record rates the issue HIGH: it is exploitable over the network and requires no authentication or user interaction.
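The trust decision behind this class of flaw, as an added PHP illustration (not CakePHP source code): a resolver that accepts the client-supplied header next to one that honours forwarding headers only when the TCP peer is a known proxy. The function names, the trusted-proxy list, the use of X-Forwarded-For in the hardened path, and the sample requests are assumptions made for this example.

```php
<?php
// Added illustration; not CakePHP code. All names below are hypothetical.

/** Pattern described above: a client-supplied header is accepted as the address. */
function clientIpNaive(array $server): string
{
    // PHP exposes a "Client-IP" request header as HTTP_CLIENT_IP.
    if (!empty($server['HTTP_CLIENT_IP'])) {
        return $server['HTTP_CLIENT_IP'];
    }
    return $server['REMOTE_ADDR'] ?? '';
}

/** Hardened: forwarding headers count only when the TCP peer is a known proxy. */
function clientIpHardened(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer; // direct connection: ignore every client-controlled header
    }
    $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk right to left, skipping hops that are our own proxies.
    for ($i = count($chain) - 1; $i >= 0; $i--) {
        $hop = $chain[$i];
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the rest of the chain
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer; // nothing usable in the chain: fall back to the socket peer
}

// Constructed sample requests using documentation address ranges.
$proxies = ['192.0.2.10'];
$direct  = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_CLIENT_IP' => '10.0.0.1'];
$proxied = ['REMOTE_ADDR' => '192.0.2.10',
            'HTTP_X_FORWARDED_FOR' => '198.51.100.4, 192.0.2.10'];

// Same direct request through both resolvers, then the proxied request.
var_dump(clientIpNaive($direct));
var_dump(clientIpHardened($direct, $proxies));
var_dump(clientIpHardened($proxied, $proxies));
```

For allow-lists, rate limits and audit logs, the value that matters is the one the hardened resolver returns; recording the raw header alongside it, clearly marked as unverified, keeps it available for investigation.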