Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP prior to 1.1.8.3544 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cakefoundation cakephp |