header-logo
Suggest Exploit
vendor:
CakePHP
by:
SecurityFocus
7,5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: CakePHP
Affected Version From: 1.1.7.3633
Affected Version To: 1.1.7.3633
Patch Exists: YES
Related CWE: N/A
CPE: a:cakephp:cakephp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2015

CakePHP Directory Traversal Vulnerability

CakePHP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20150/info

CakePHP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. 

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

Version 1.1.7.3633 is vulnerable; earlier versions may also be affected.

http://www.example.com/js/vendors.php?file=../../../../[file]%00foobar.js

Navigation

Suggest Exploit

Services By CQR