Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
11 vulnerabilities by cakephp
CVE-2026-48820 (GCVE-0-2026-48820)
Vulnerability from cvelistv5 – Published: 2026-06-17 21:19 – Updated: 2026-06-18 13:54
VLAI
Title
CakePHP: View::element() is missing a path containment check
Summary
CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::_getElementFileName() does not check that the resolved element path is within the application/plugin view template paths. When element names are created with specifically crafted user-supplied data this weakness can be leveraged to include other PHP files on the server. Patched releases are available in 5.3.6, 5.2.13, 5.1.7, 4.6.4, and 4.5.11.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/cakephp/cakephp/security/advis… | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T13:52:33.657255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T13:54:12.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cakephp",
"vendor": "cakephp",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.3.0, \u003c 5.3.6"
},
{
"status": "affected",
"version": "\u003e= 5.2.0, \u003c 5.2.13"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.1.7"
},
{
"status": "affected",
"version": "\u003e= 4.6.0, \u003c 4.6.4"
},
{
"status": "affected",
"version": "\u003c 4.5.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::_getElementFileName() does not check that the resolved element path is within the application/plugin view template paths. When element names are created with specifically crafted user-supplied data this weakness can be leveraged to include other PHP files on the server. Patched releases are available in 5.3.6, 5.2.13, 5.1.7, 4.6.4, and 4.5.11."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T21:19:44.238Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cakephp/cakephp/security/advisories/GHSA-wpvj-hjcr-h3p2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-wpvj-hjcr-h3p2"
}
],
"source": {
"advisory": "GHSA-wpvj-hjcr-h3p2",
"discovery": "UNKNOWN"
},
"title": "CakePHP: View::element() is missing a path containment check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48820",
"datePublished": "2026-06-17T21:19:44.238Z",
"dateReserved": "2026-05-22T20:57:10.977Z",
"dateUpdated": "2026-06-18T13:54:12.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23643 (GCVE-0-2026-23643)
Vulnerability from cvelistv5 – Published: 2026-01-16 20:38 – Updated: 2026-01-16 21:21
VLAI
Title
CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting
Summary
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/cakephp/cakephp/security/advis… | x_refsource_CONFIRM |
| https://github.com/cakephp/cakephp/issues/19172 | x_refsource_MISC |
| https://github.com/cakephp/cakephp/commit/c842e7f… | x_refsource_MISC |
| https://bakery.cakephp.org/2026/01/14/cakephp_5212.html | x_refsource_MISC |
| https://github.com/cakephp/cakephp/releases/tag/5.2.12 | x_refsource_MISC |
| https://github.com/cakephp/cakephp/releases/tag/5.3.1 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23643",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T21:21:32.578620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:21:56.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cakephp",
"vendor": "cakephp",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.2.10, \u003c 5.2.12"
},
{
"status": "affected",
"version": "\u003e= 5.3.0, \u003c 5.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T20:38:45.170Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cakephp/cakephp/security/advisories/GHSA-qh8m-9qxx-53m5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-qh8m-9qxx-53m5"
},
{
"name": "https://github.com/cakephp/cakephp/issues/19172",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/issues/19172"
},
{
"name": "https://github.com/cakephp/cakephp/commit/c842e7f45d85696e6527d8991dd72f525ced955f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/commit/c842e7f45d85696e6527d8991dd72f525ced955f"
},
{
"name": "https://bakery.cakephp.org/2026/01/14/cakephp_5212.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://bakery.cakephp.org/2026/01/14/cakephp_5212.html"
},
{
"name": "https://github.com/cakephp/cakephp/releases/tag/5.2.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/releases/tag/5.2.12"
},
{
"name": "https://github.com/cakephp/cakephp/releases/tag/5.3.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/releases/tag/5.3.1"
}
],
"source": {
"advisory": "GHSA-qh8m-9qxx-53m5",
"discovery": "UNKNOWN"
},
"title": "CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23643",
"datePublished": "2026-01-16T20:38:45.170Z",
"dateReserved": "2026-01-14T16:08:37.483Z",
"dateUpdated": "2026-01-16T21:21:56.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-22727 (GCVE-0-2023-22727)
Vulnerability from cvelistv5 – Published: 2023-01-17 20:41 – Updated: 2025-03-10 21:22
VLAI
Title
Database Query::offset() and limit() vulnerable to SQL injection in cakephp
Summary
CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/cakephp/cakephp/security/advis… | x_refsource_CONFIRM |
| https://github.com/cakephp/cakephp/commit/3f463e7… | x_refsource_MISC |
| https://bakery.cakephp.org/2023/01/06/cakephp_421… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:50.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp"
},
{
"name": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239"
},
{
"name": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:59:15.575626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:22:35.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cakephp",
"vendor": "cakephp",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0, \u003c 4.2.12"
},
{
"status": "affected",
"version": "\u003e= 4.3.0, \u003c 4.3.11"
},
{
"status": "affected",
"version": "\u003e= 4.4.0, \u003c 4.4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CakePHP is a development framework for PHP web apps. In affected versions the `Cake\\Database\\Query::limit()` and `Cake\\Database\\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP\u0027s Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T20:41:10.143Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp"
},
{
"name": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239"
},
{
"name": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html"
}
],
"source": {
"advisory": "GHSA-6g8q-qfpv-57wp",
"discovery": "UNKNOWN"
},
"title": "Database Query::offset() and limit() vulnerable to SQL injection in cakephp"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22727",
"datePublished": "2023-01-17T20:41:10.143Z",
"dateReserved": "2023-01-06T14:21:05.890Z",
"dateUpdated": "2025-03-10T21:22:35.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35239 (GCVE-0-2020-35239)
Vulnerability from cvelistv5 – Published: 2021-01-20 23:37 – Updated: 2024-08-04 17:02
VLAI
Summary
A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, the route middleware does not verify that this overriden method (which can be an arbitrary string) is actually an HTTP method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bakery.cakephp.org/2020/12/07/cakephp_401… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:07.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bakery.cakephp.org/2020/12/07/cakephp_4010_released.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, the route middleware does not verify that this overriden method (which can be an arbitrary string) is actually an HTTP method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T23:37:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bakery.cakephp.org/2020/12/07/cakephp_4010_released.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, the route middleware does not verify that this overriden method (which can be an arbitrary string) is actually an HTTP method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bakery.cakephp.org/2020/12/07/cakephp_4010_released.html",
"refsource": "MISC",
"url": "https://bakery.cakephp.org/2020/12/07/cakephp_4010_released.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35239",
"datePublished": "2021-01-20T23:37:02.000Z",
"dateReserved": "2020-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:02:07.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11458 (GCVE-0-2019-11458)
Vulnerability from cvelistv5 – Published: 2019-05-08 17:07 – Updated: 2024-08-04 22:55
VLAI
Summary
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/cakephp/cakephp/releases | x_refsource_MISC |
| https://github.com/cakephp/cakephp/compare/3.7.6.… | x_refsource_MISC |
| https://github.com/cakephp/cakephp/commits/master | x_refsource_MISC |
| https://bakery.cakephp.org/2019/04/23/cakephp_377… | x_refsource_CONFIRM |
| https://github.com/cakephp/cakephp/commit/1a74e79… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cakephp/cakephp/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cakephp/cakephp/commits/master"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-08T17:07:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cakephp/cakephp/commits/master"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cakephp/cakephp/releases",
"refsource": "MISC",
"url": "https://github.com/cakephp/cakephp/releases"
},
{
"name": "https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7",
"refsource": "MISC",
"url": "https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7"
},
{
"name": "https://github.com/cakephp/cakephp/commits/master",
"refsource": "MISC",
"url": "https://github.com/cakephp/cakephp/commits/master"
},
{
"name": "https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.html",
"refsource": "CONFIRM",
"url": "https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.html"
},
{
"name": "https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e",
"refsource": "CONFIRM",
"url": "https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11458",
"datePublished": "2019-05-08T17:07:54.000Z",
"dateReserved": "2019-04-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:40.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4793 (GCVE-0-2016-4793)
Vulnerability from cvelistv5 – Published: 2017-01-23 21:00 – Updated: 2024-08-06 00:39
VLAI
Summary
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://support.citrix.com/article/CTX236992 | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/39813/ | exploitx_refsource_EXPLOIT-DB |
| http://legalhackers.com/advisories/CakePHP-IP-Spo… | x_refsource_MISC |
| http://www.securityfocus.com/bid/95846 | vdb-entryx_refsource_BID |
| https://bakery.cakephp.org/2016/03/13/cakephp_261… | x_refsource_CONFIRM |
Date Public
2016-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:26.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX236992"
},
{
"name": "39813",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39813/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt"
},
{
"name": "95846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95846"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-23T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX236992"
},
{
"name": "39813",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39813/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt"
},
{
"name": "95846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95846"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX236992",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX236992"
},
{
"name": "39813",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39813/"
},
{
"name": "http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt",
"refsource": "MISC",
"url": "http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt"
},
{
"name": "95846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95846"
},
{
"name": "https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html",
"refsource": "CONFIRM",
"url": "https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4793",
"datePublished": "2017-01-23T21:00:00.000Z",
"dateReserved": "2016-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:39:26.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8379 (GCVE-0-2015-8379)
Vulnerability from cvelistv5 – Published: 2016-01-26 19:00 – Updated: 2024-08-06 08:13
VLAI
Summary
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/135301/CakeP… | x_refsource_MISC |
| http://blog.mindedsecurity.com/2016/01/request-pa… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/537317/100… | mailing-listx_refsource_BUGTRAQ |
| http://karmainsecurity.com/KIS-2016-01 | x_refsource_MISC |
| http://bakery.cakephp.org/2015/11/29/cakephp_315_… | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2016/Jan/42 | mailing-listx_refsource_FULLDISC |
| https://github.com/cakephp/cakephp/commit/0f818a2… | x_refsource_CONFIRM |
Date Public
2015-11-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:32.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135301/CakePHP-3.2.0-CSRF-Bypass.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.mindedsecurity.com/2016/01/request-parameter-method-may-lead-to.html"
},
{
"name": "20160115 [KIS-2016-01] CakePHP \u003c= 3.2.0 \"_method\" CSRF Protection Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537317/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://karmainsecurity.com/KIS-2016-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bakery.cakephp.org/2015/11/29/cakephp_315_released.html"
},
{
"name": "20160115 [KIS-2016-01] CakePHP \u003c= 3.2.0 \"_method\" CSRF Protection Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/42"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135301/CakePHP-3.2.0-CSRF-Bypass.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.mindedsecurity.com/2016/01/request-parameter-method-may-lead-to.html"
},
{
"name": "20160115 [KIS-2016-01] CakePHP \u003c= 3.2.0 \"_method\" CSRF Protection Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537317/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://karmainsecurity.com/KIS-2016-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bakery.cakephp.org/2015/11/29/cakephp_315_released.html"
},
{
"name": "20160115 [KIS-2016-01] CakePHP \u003c= 3.2.0 \"_method\" CSRF Protection Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/42"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/135301/CakePHP-3.2.0-CSRF-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135301/CakePHP-3.2.0-CSRF-Bypass.html"
},
{
"name": "http://blog.mindedsecurity.com/2016/01/request-parameter-method-may-lead-to.html",
"refsource": "MISC",
"url": "http://blog.mindedsecurity.com/2016/01/request-parameter-method-may-lead-to.html"
},
{
"name": "20160115 [KIS-2016-01] CakePHP \u003c= 3.2.0 \"_method\" CSRF Protection Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537317/100/0/threaded"
},
{
"name": "http://karmainsecurity.com/KIS-2016-01",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2016-01"
},
{
"name": "http://bakery.cakephp.org/2015/11/29/cakephp_315_released.html",
"refsource": "CONFIRM",
"url": "http://bakery.cakephp.org/2015/11/29/cakephp_315_released.html"
},
{
"name": "20160115 [KIS-2016-01] CakePHP \u003c= 3.2.0 \"_method\" CSRF Protection Bypass Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jan/42"
},
{
"name": "https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0",
"refsource": "CONFIRM",
"url": "https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8379",
"datePublished": "2016-01-26T19:00:00.000Z",
"dateReserved": "2015-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:13:32.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3712 (GCVE-0-2011-3712)
Vulnerability from cvelistv5 – Published: 2011-09-23 23:00 – Updated: 2024-09-17 00:36
VLAI
Summary
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/cakephp-1.3.7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/cakephp-1.3.7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/cakephp-1.3.7",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/cakephp-1.3.7"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3712",
"datePublished": "2011-09-23T23:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:36:34.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4335 (GCVE-0-2010-4335)
Vulnerability from cvelistv5 – Published: 2011-01-14 22:00 – Updated: 2024-08-07 03:43
VLAI
Summary
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/cakephp/cakephp/commit/e431e86… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/16011 | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.org/files/view/95847/b… | x_refsource_MISC |
| http://www.osvdb.org/69352 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/8026 | third-party-advisoryx_refsource_SREASON |
| http://malloc.im/CakePHP-unserialize.txt | x_refsource_MISC |
| http://secunia.com/advisories/42211 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2010-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb"
},
{
"name": "16011",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/16011"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt"
},
{
"name": "69352",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69352"
},
{
"name": "8026",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8026"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://malloc.im/CakePHP-unserialize.txt"
},
{
"name": "42211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-22T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb"
},
{
"name": "16011",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/16011"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt"
},
{
"name": "69352",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69352"
},
{
"name": "8026",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8026"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://malloc.im/CakePHP-unserialize.txt"
},
{
"name": "42211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb",
"refsource": "CONFIRM",
"url": "https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb"
},
{
"name": "16011",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16011"
},
{
"name": "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt"
},
{
"name": "69352",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69352"
},
{
"name": "8026",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8026"
},
{
"name": "http://malloc.im/CakePHP-unserialize.txt",
"refsource": "MISC",
"url": "http://malloc.im/CakePHP-unserialize.txt"
},
{
"name": "42211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4335",
"datePublished": "2011-01-14T22:00:00.000Z",
"dateReserved": "2010-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:14.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5031 (GCVE-0-2006-5031)
Vulnerability from cvelistv5 – Published: 2006-09-27 23:00 – Updated: 2024-08-07 19:32
VLAI
Summary
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/22040 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
| http://cakeforge.org/frs/shownotes.php?release_id=134 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/20150 | vdb-entryx_refsource_BID |
Date Public
2006-09-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:23.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cakephp-vendors-information-disclosure(29115)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29115"
},
{
"name": "22040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00114-09212006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cakeforge.org/frs/shownotes.php?release_id=134"
},
{
"name": "20150",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with \"%00\" and a .js filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cakephp-vendors-information-disclosure(29115)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29115"
},
{
"name": "22040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00114-09212006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cakeforge.org/frs/shownotes.php?release_id=134"
},
{
"name": "20150",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20150"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with \"%00\" and a .js filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cakephp-vendors-information-disclosure(29115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29115"
},
{
"name": "22040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22040"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00114-09212006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00114-09212006"
},
{
"name": "http://cakeforge.org/frs/shownotes.php?release_id=134",
"refsource": "CONFIRM",
"url": "http://cakeforge.org/frs/shownotes.php?release_id=134"
},
{
"name": "20150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20150"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5031",
"datePublished": "2006-09-27T23:00:00.000Z",
"dateReserved": "2006-09-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:32:23.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4067 (GCVE-0-2006-4067)
Vulnerability from cvelistv5 – Published: 2006-08-10 00:00 – Updated: 2024-08-07 18:57
VLAI
Summary
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/19372 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/21383 | third-party-advisoryx_refsource_SECUNIA |
| http://cakeforge.org/frs/shownotes.php?release_id=124 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/3172 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19372",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19372"
},
{
"name": "21383",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cakeforge.org/frs/shownotes.php?release_id=124"
},
{
"name": "ADV-2006-3172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3172"
},
{
"name": "cakephp-error-xss(28256)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 (\"Not Found\") error page. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19372",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19372"
},
{
"name": "21383",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cakeforge.org/frs/shownotes.php?release_id=124"
},
{
"name": "ADV-2006-3172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3172"
},
{
"name": "cakephp-error-xss(28256)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 (\"Not Found\") error page. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19372"
},
{
"name": "21383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21383"
},
{
"name": "http://cakeforge.org/frs/shownotes.php?release_id=124",
"refsource": "CONFIRM",
"url": "http://cakeforge.org/frs/shownotes.php?release_id=124"
},
{
"name": "ADV-2006-3172",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3172"
},
{
"name": "cakephp-error-xss(28256)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4067",
"datePublished": "2006-08-10T00:00:00.000Z",
"dateReserved": "2006-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:57:46.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}