CVE: CVE-2012-4399

Export to Word

The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.24917
Percentile: 0.959

CVSS Scoring

CVSS v3.1 Score: 7.5

Severity: HIGH

Mapped CWE(s)

CWE-611 : Improper Restriction of XML External Entity Reference

All CAPEC(s)

CAPEC-221: Data Serialization External Entities Blowup

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:cakefoundation:cakephp:*:*:*:*:*:*:*:*
cpe:2.3:a:cakefoundation:cakephp:*:*:*:*:*:*:*:*

← Back to Home