RSS   Vulnerabilities for 'Cakephp'   RSS

2006-09-27
 
CVE-2006-5031

CWE-22
 

 
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.

 
2006-08-09
 
CVE-2006-4067

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information.

 


Copyright 2024, cxsecurity.com

 

Back to Top