16 matches found
EUVD-2019-0800
Malware in sbrugna...
Arbitrary File Overwrite
cakephp/cakephp is vulnerable to arbitrary file overwrite. The SmtpTransport module could be used to overwrite arbitrary files on the web server during deserialization of malicious values...
Unsafe deserialization in SmtpTransport in CakePHP
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
GHSA-QHRX-HCM6-PMRW Unsafe deserialization in SmtpTransport in CakePHP
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
CVE-2019-11458
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
CVE-2019-11458
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
CVE-2019-11458
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
Design/Logic Flaw
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
CVE-2019-11458
CVE-2019-11458 affects CakePHP (SmtpTransport) in version 3.7.6 where an unserialized object with modified internal properties can trigger arbitrary file overwriting on destruction. The root cause is unsafe deserialization in SmtpTransport, enabling file overwrite with webserver write access. The...
CVE-2019-11458
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
CVE-2019-11458
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
PT-2019-12320 · Cakephp · Cakephp
Name of the Vulnerable Software and Affected Versions: CakePHP version 3.7.6. Description: An issue in SmtpTransport allows an unserialized object with modified internal properties to trigger arbitrary file overwriting upon destruction. Recommendations: For CakePHP version 3.7.6, consider disablin...
Remote Code Execution (RCE)
cakephp/cakephp is vulnerable to remote code execution (RCE) attacks. The vulnerability occurs due to unsafe serialization of a socket in SmtpTransport.php in a broken state...
CakePHP 3.7.7, 3.6.15 and 3.5.18 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 3.7.7, 3.6.15 and 3.5.18. These releases contain a security related fix for CVE-2019-11458. The vulnerability affects applications that open serialized content from user inpu...
Unsafe deserialization in SmtpTransport
More info at https://bakery.cakephp.org/2019/04/23/cakephp37736153518released.html...
CakePHP 3.1.4, 3.0.15, 2.7.6 and 2.6.12 released
The CakePHP core team is happy to announce the immediate availability of CakePHP 3.1.4, 3.0.15, 2.7.6, and 2.6.12. These releases contain security fixes. 3.1.4 and 2.7.6 also contain bugfixes. Security Fixes: These releases contain fixes for a Remot...