CakePHP is a rapid development framework for PHP that provides an extensible
architecture for developing, maintaining, and deploying applications. Using
commonly known design patterns like MVC and ORM within the convention over
configuration paradigm, CakePHP reduces development costs and helps developers
write less code.
CakePHP is vulnerable to a file inclusion attack because of its use of the "unserialize()" function on unchecked user input. This makes it possible to inject arbitary objects into the scope.
- Upgrade CakePHP to the latest version.