GitHub Advisory Database: GHSA-R7P6-FR3X-R877
History: May 17, 2022 - 5:31 a.m.

CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file

2022-05-17 05:31:33
CWE-200
GitHub Advisory Database
github.com
cakephp
remote attackers
sensitive information

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.003
Percentile: 70.2%

CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.

Affected configurations

Vulners node: cakephp cakephp, match 1.3.7

Vendor: cakephp
Product: cakephp
Version: 1.3.7
CPE: cpe:2.3:a:cakephp:cakephp:1.3.7:*:*:*:*:*:*:*
