Description
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Remediation
References