Description
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
References
- Broken Link, Vendor Advisory
- Exploit, Mailing List, Third Party Advisory
- Broken Link, Vendor Advisory
- Exploit, Third Party Advisory, VDB Entry
- Mailing List
- Mailing List
- Broken Link
Vulnerable configurations
Configuration 1
- Version from 2.1.0 (inclusive) to 2.1.5 (exclusive)
- Version from 2.2.0 (inclusive) to 2.2.1 (exclusive)
One of
cpe:2.3:a:cakefoundation:cakephp:*:*:*:*:*:*:*:*
cpe:2.3:a:cakefoundation:cakephp:*:*:*:*:*:*:*:*
EPSS
Percentile: 96%
0.24917
Medium
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-611
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 13 years ago
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
CVSS3: 7.5
debian
more than 13 years ago
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 all ...
CVSS3: 7.5
github
more than 3 years ago
CakePHP allows remote attackers to read arbitrary files via XML data containing external entity references