CakePHP XML External Entity Injection Vulnerability
The original article can be found at: http://www.securityfocus.com/bid/54474
The information has been provided by Pawel h0wl Wylecial .
* CakePHP XML External Entity Injection Vulnerability
Attackers can exploit this issue to obtain potentially sensitive information from local files on computers running the vulnerable application and carry out other attacks.
CakePHP 2.0 through version 2.2.0-RC2 are vulnerable.
Currently we are not aware of any vendor-supplied patches
Initial Release:Jul 16 2012