Description
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Remediation
References