Vulnerability CVE-2019-11458
Published: 2019-05-08

Description:
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Cakefoundation -> Cakephp 

 References:
https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.html
https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e
https://github.com/cakephp/cakephp/commits/master
https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7
https://github.com/cakephp/cakephp/releases
Copyright 2024, cxsecurity.com

 

Back to Top