Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories: GSA_kwCzR0hTQS1wNzZmLXdyMjItNHJ2Ns4AAxHA

CakePHP vulnerable to Remote File Inclusion through View template name manipulation

CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6, and 3.x prior to 3.0.15 and 3.1.4, are vulnerable to Remote File Inclusion through View template name manipulation.

Permalink: https://github.com/advisories/GHSA-p76f-wr22-4rv6

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 15 days ago
Updated: 15 days ago

Identifiers: GHSA-p76f-wr22-4rv6

Affected Packages

packagist:cakephp/cakephp
Versions: >= 3.1.0, < 3.1.4; >= 3.0.0, < 3.0.15; >= 2.7.0, < 2.7.6; >= 2.6.0, < 2.6.12; >= 2.5.0, < 2.5.99; >= 2.4.0, < 2.4.99; >= 2.3.0, < 2.3.99; >= 2.2.0, < 2.2.99; >= 2.1.0, < 2.1.99; >= 2.0.0, < 2.0.99
Fixed in: 3.1.4, 3.0.15, 2.7.6, 2.6.12, 2.5.99, 2.4.99, 2.3.99, 2.2.99, 2.1.99, 2.0.99