Vulnerabilities > CVE-2012-4399 - XXE vulnerability in Cakefoundation Cakephp
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 13 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | CakePHP 2.x-2.2.0-RC2 XXE Injection. CVE-2012-4399. Webapps exploit for php platform |
| file | exploits/php/webapps/19863.txt |
| id | EDB-ID:19863 |
| last seen | 2016-02-02 |
| modified | 2012-07-16 |
| platform | php |
| port | |
| published | 2012-07-16 |
| reporter | Pawel Wylecial |
| source | https://www.exploit-db.com/download/19863/ |
| title | CakePHP 2.x-2.2.0-RC2 XXE Injection |
| type | webapps |
References
- http://secunia.com/advisories/49900
- http://www.openwall.com/lists/oss-security/2012/09/03/2
- http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
- http://www.openwall.com/lists/oss-security/2012/09/03/1
- http://seclists.org/bugtraq/2012/Jul/101
- http://www.osvdb.org/84042
- http://www.exploit-db.com/exploits/19863