CVE-2011-3712

Exposure of Sensitive Information to an Unauthorized Actor in packagist/cakephp/cakephp

Identifiers

GHSA-r7p6-fr3x-r877, CVE-2011-3712

Package Slug

packagist/cakephp/cakephp

Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor

Description

CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.

Affected Versions

Version 1.3.7

Solution

Upgrade to version 1.3.8 or above.

Last Modified

2023-01-18

source