Description
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
Remediation
References
Related Vulnerabilities
WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Unspecified Vulnerability (1.53)
WordPress Plugin Captcha by BestWebSoft SQL Injection (4.1.7)
WordPress Plugin Follow Me Cross-Site Request Forgery (3.1.1)
Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2019-10097)
WordPress Plugin Twitter Friends Widget Cross-Site Scripting (3.1)