Описание
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | DNE | |
| devel | not-affected | |
| esm-apps/xenial | not-affected | 2.8.0-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [1.3.15-1+deb7u2build0.14.04.1]] |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | ignored | end of life |
| oneiric | ignored | end of life |
Показывать по
10
Ссылки на источники
EPSS
Процентиль: 53%
0.00301
Низкий
5 Medium
CVSS2
Связанные уязвимости
nvd
больше 14 лет назад
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.
github
больше 3 лет назад
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
EPSS
Процентиль: 53%
0.00301
Низкий
5 Medium
CVSS2