CVE-2012-4399

The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cakefoundation:cakephp:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cakefoundation:cakephp:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:cakefoundation:cakephp:2.1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:cakefoundation:cakephp:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cakefoundation:cakephp:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cakefoundation:cakephp:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:cakefoundation:cakephp:2.1.0:rc:*:*:*:*:*:*
cpe:2.3:a:cakefoundation:cakephp:2.1.0:beta:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:cakefoundation:cakephp:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cakefoundation:cakephp:2.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:cakefoundation:cakephp:2.2.0-beta:*:*:*:*:*:*:*
cpe:2.3:a:cakefoundation:cakephp:2.2.0:rc1:*:*:*:*:*:*

Information

Published : 2012-10-09 16:55

Updated : 2013-07-29 23:28


NVD link : CVE-2012-4399

Mitre link : CVE-2012-4399


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

cakefoundation

  • cakephp