4 matches found
CVE-2006-5031
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter, followed by a filename ending with "%00" and a .js filename...
CVE-2006-5031
The CVE-2006-5031 vulnerability affects CakePHP up to version 1.1.8.3544, in the file app/webroot/js/vendors.php. The issue is a directory traversal in the file parameter, where an attacker can supply a .. sequence followed by a filename ending with %00 and a .js filename, enabling reading of arb...
CVE-2006-5031
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter, followed by a filename ending with "%00" and a .js filename...
CakePHP vendors.php file Parameter Traversal Arbitrary File Access
The remote host is running CakePHP, an open source rapid development framework for PHP. The version of CakePHP on the remote host allows directory traversal sequences in the 'file' parameter of the 'js/vendors.php' script. An unauthenticated attacker may be able to leverage this flaw to view...