Description
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Remediation
References
Related Vulnerabilities
WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1 - 1.2.2)
WordPress Plugin BuddyPress PHP Object Injection (2.0.2)
WordPress Plugin WooCommerce Possible Remote Code Execution (3.4.5)
WebLogic CVE-2023-22108 Vulnerability (CVE-2023-22108)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5489)