CakePHP XML External Entity Injection Vulnerability

Summary

CakePHP is prone to an XML External Entity injection vulnerability.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/54474
The information has been provided by Pawel h0wl Wylecial.


Details

Vulnerable Systems:
 * CakePHP XML External Entity Injection Vulnerability

Attackers can exploit this issue to obtain potentially sensitive information from local files on computers running the vulnerable application and carry out other attacks.
CakePHP versions 2.0 through 2.2.0-RC2 are vulnerable.

Vendor Status:
Currently we are not aware of any vendor-supplied patches.
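
An application that accepts XML from untrusted sources can refuse documents that carry a DTD before their contents are used. The sketch below is an added example, not code from CakePHP or from the original advisory; parseUntrustedXml() is a hypothetical helper and the sample documents are constructed. It assumes PHP 7.0 or later with the dom extension.

```php
<?php
// Added example: parseUntrustedXml() is a hypothetical helper, not a CakePHP API.
function parseUntrustedXml(string $xml): DOMDocument
{
    if ($xml === '') {
        throw new InvalidArgumentException('Empty XML document');
    }
    // PHP 8.0 requires libxml2 2.9+, which does not load external entities by
    // default; older PHP builds may, so switch the entity loader off there.
    $restoreLoader = null;
    if (PHP_VERSION_ID < 80000) {
        $restoreLoader = libxml_disable_entity_loader(true);
    }
    $restoreErrors = libxml_use_internal_errors(true);
    try {
        $doc = new DOMDocument();
        // LIBXML_NONET forbids network access. LIBXML_NOENT and LIBXML_DTDLOAD
        // are left out on purpose: they enable entity substitution and DTD loading.
        if (!$doc->loadXML($xml, LIBXML_NONET)) {
            throw new InvalidArgumentException('Malformed XML');
        }
        // Entities can only be declared in a DOCTYPE; checking after parsing
        // catches it regardless of the document's character encoding.
        if ($doc->doctype !== null) {
            throw new InvalidArgumentException('DOCTYPE declarations are not accepted');
        }
        return $doc;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($restoreErrors);
        if ($restoreLoader !== null) {
            libxml_disable_entity_loader($restoreLoader);
        }
    }
}

// Constructed sample inputs: one plain document, one declaring an external entity.
$samples = [
    'plain'   => '<?xml version="1.0"?><post><title>hello</title></post>',
    'doctype' => '<?xml version="1.0"?><!DOCTYPE post [<!ENTITY e SYSTEM "file:///placeholder">]><post>&e;</post>',
];
foreach ($samples as $name => $xml) {
    try {
        $doc = parseUntrustedXml($xml);
        echo $name, ': accepted, root <', $doc->documentElement->nodeName, ">\n";
    } catch (InvalidArgumentException $e) {
        echo $name, ': rejected (', $e->getMessage(), ")\n";
    }
}
```

Rejecting the DOCTYPE outright also blocks documents that use a DTD legitimately, so this suits request bodies and API payloads rather than document formats that depend on one.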

Disclosure Timeline:
Initial Release: Jul 16 2012
