CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files

Description

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with %00 and a .js filename.

Basic information

Type
reviewed
Severity
medium
Advisory on GitHub
Open advisory ↗
Repository advisory
Source code
Browse source ↗
Published (advisory)
2022-05-01 07:24:12 UTC
Updated
2023-01-30 05:03:44 UTC
GitHub reviewed
2023-01-14 05:31:09 UTC
NVD published
2006-09-27

EPSS Score

Score Percentile
6.88% 90.98%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

CWEs

CWE id Name
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Credits

  • ravage84 (analyst)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
composer cakephp/cakephp >= 1.0.1.2708, < 1.1.8.3544 1.1.8.3544

References

cvelogic Threat Intelligence