Lucene search
GoogleOSV:GHSA-5964-PQ8R-4Q62HistoryMay 17, 2022 - 5:07 a.m.
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references
2022-05-1705:07:14
Google
osv.dev
9
cakephp
xml
external entity
injection
vulnerability
EPSS
0.06
Percentile
93.6%
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
References
bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
seclists.org/bugtraq/2012/Jul/101
secunia.com/advisories/49900
www.exploit-db.com/exploits/19863
www.openwall.com/lists/oss-security/2012/09/03/1
www.openwall.com/lists/oss-security/2012/09/03/2
www.osvdb.org/84042
github.com/cakephp/cakephp
nvd.nist.gov/vuln/detail/CVE-2012-4399
Related
prion
prion
Xxe
2012-10-09 23:55:00
github
github
cve
cve
CVE-2012-4399
2012-10-09 23:55:05
exploitdb
exploitdb
CakePHP 2.x < 2.2.0-RC2 - XML External Entity Injection
2012-07-16 00:00:00
debiancve
debiancve
CVE-2012-4399
2012-10-09 23:55:05
ubuntucve
ubuntucve
CVE-2012-4399
2012-10-09 00:00:00
nvd
nvd
CVE-2012-4399
2012-10-09 23:55:05
cvelist
cvelist
CVE-2012-4399
2012-10-09 23:00:00