Description
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery Arbitrary File Upload (1.9.12)
WordPress Plugin Image News slider 'upload.php' Arbitrary File Upload (3.3)
WordPress Plugin AStickyPostOrderER Cross-Site Scripting (0.3.1)
WordPress Plugin Apptivo eCommerce Multiple Cross-Site Scripting Vulnerabilities (1.1.5)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-20612)