Lucene search

GitHub Advisory DatabaseGHSA-RW73-XMPV-J5X2

HistoryMay 01, 2022 - 7:24 a.m.

CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files

2022-05-0107:24:12

CWE-22

GitHub Advisory Database

github.com

cakephp

directory traversal

vulnerability

remote attackers

arbitrary files

software foundation

vendors.php

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.013

Percentile

86.0%

JSON

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with %00 and a .js filename.

Affected configurations

Vulners

Node

cakephpcakephpRange1.0.1.2708–1.1.8.3544

VendorProductVersionCPE
cakephpcakephp*cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cakephp	cakephp	*	cpe:2.3:a:cakephp:cakephp::::::::

References

cakeforge.org/frs/shownotes.php?release_id=134

secunia.com/advisories/22040

www.gulftech.org/?node=research&article_id=00114-09212006

www.securityfocus.com/bid/20150

exchange.xforce.ibmcloud.com/vulnerabilities/29115

github.com/advisories/GHSA-rw73-xmpv-j5x2

nvd.nist.gov/vuln/detail/CVE-2006-5031

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.013

Percentile

86.0%

JSON

Related for GHSA-RW73-XMPV-J5X2