Описание
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.3.15-1 |
| hardy | not-affected | |
| lucid | not-affected | |
| natty | not-affected | |
| oneiric | not-affected | |
| precise | not-affected | |
| upstream | not-affected |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 all ...
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references
5 Medium
CVSS2
7.5 High
CVSS3