The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
References
Link | Resource |
---|---|
http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1 | Broken Link, Vendor Advisory |
http://seclists.org/bugtraq/2012/Jul/101 | Exploit, Mailing List, Third Party Advisory |
http://secunia.com/advisories/49900 | Broken Link, Vendor Advisory |
http://www.exploit-db.com/exploits/19863 | Exploit, Third Party Advisory, VDB Entry |
http://www.openwall.com/lists/oss-security/2012/09/03/1 | Mailing List |
http://www.openwall.com/lists/oss-security/2012/09/03/2 | Mailing List |
http://www.osvdb.org/84042 | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-10-03T16:15:34
Updated: 2022-10-03T16:15:34
Reserved: 2022-10-03T00:00:00
Link: CVE-2012-4399
NVD Information
Status: Analyzed
Published: 2012-10-09T23:55:05.047
Modified: 2024-02-15T03:23:23.083
Link: CVE-2012-4399
Redhat Information
No data.
CWE