Vendor: CakePHP
By: felix
CVSS: 7.5 (HIGH)
File Inclusion
CWE: Unknown
Product Name: CakePHP
Affected Version From: 1.2.2008
Affected Version To: 1.3.2005
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Platforms Tested: Unknown
CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability
CakePHP is vulnerable to a file inclusion attack because of its use of the "unserialize()" function on unchecked user input. This makes it possible to inject arbitrary objects into the scope.
Mitigation: Unknown