CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files

2022-05-0107:24:12

Google

osv.dev

cakephp

directory traversal

remote attackers

arbitrary files

security vulnerability

software foundation

EPSS

0.013

Percentile

86.0%

JSON

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with %00 and a .js filename.