Description

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.

Remediation

References

CVE-2006-5031

Related Vulnerabilities

MySQL CVE-2017-10296 Vulnerability (CVE-2017-10296)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.14)

WordPress Plugin WordPress WP-Advanced-Search SQL Injection (3.3.5)

PHP CVE-2004-1063 Vulnerability (CVE-2004-1063)

Nexus Repository Manager Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2017-17717)

Severity

Medium

Classification

CVE-2006-5031 CWE-22

Tags

Missing Update Known Vulnerabilities