PT-2023-33046 — Cakephp Cakephp

PT-2023-33046 · Cakephp · Cakephp

Published

2023-01-20

Updated

2023-01-20

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions CakePHP versions 2.x prior to 2.7.6 CakePHP versions 3.x prior to 3.1.4

Description The issue allows for Remote File Inclusion through View template name manipulation.

Recommendations For CakePHP versions 2.x prior to 2.7.6, update to version 2.7.6 or later. For CakePHP versions 3.x prior to 3.1.4, update to version 3.1.4 or later.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

GHSA-P76F-WR22-4RV6

Affected Products

Cakephp