CVE-2012-4399
The CVE-2012-4399 issue affects CakePHP’s Xml class: versions 2.1.x prior to 2.1.5 and 2.2.x prior to 2.2.1 are vulnerable to an XML external entity (XXE) injection that lets remote attackers read arbitrary files via XML data containing external entity references. Root cause is improper handling ...