Lucene search
K

4 matches found

OSV
OSV
added 2006/09/27 11:7 p.m.7 views

CVE-2006-5031

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter, followed by a filename ending with "%00" and a .js filename...

6.5AI score
Exploits0References6
CVE
CVE
added 2006/09/27 11:0 p.m.77 views

CVE-2006-5031

The CVE-2006-5031 vulnerability affects CakePHP up to version 1.1.8.3544, in the file app/webroot/js/vendors.php. The issue is a directory traversal in the file parameter, where an attacker can supply a .. sequence followed by a filename ending with %00 and a .js filename, enabling reading of arb...

5CVSS6.6AI score0.07342EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2006/09/27 11:0 p.m.38 views

CVE-2006-5031

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter, followed by a filename ending with "%00" and a .js filename...

5CVSS6.4AI score0.07342EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2006/09/25 12:0 a.m.38 views

CakePHP vendors.php file Parameter Traversal Arbitrary File Access

The remote host is running CakePHP, an open source rapid development framework for PHP. The version of CakePHP on the remote host allows directory traversal sequences in the 'file' parameter of the 'js/vendors.php' script. An unauthenticated attacker may be able to leverage this flaw to view...

5CVSS5.6AI score0.07342EPSS
Exploits1References4
Rows per page
Query Builder