Description

The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Remediation

References

CVE-2012-4399

Related Vulnerabilities

WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1 - 1.2.2)

WordPress Plugin BuddyPress PHP Object Injection (2.0.2)

WordPress Plugin WooCommerce Possible Remote Code Execution (3.4.5)

WebLogic CVE-2023-22108 Vulnerability (CVE-2023-22108)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5489)

Severity

Medium

Classification

CVE-2012-4399 CWE-264

Tags

Missing Update Known Vulnerabilities