GHSA-wpvj-hjcr-h3p2Medium
CakePHP: View::element() is missing a path containment check
🔗 CVE IDs covered (1)
📋 Description
Impact
View::_getElementFileName() does not check that the resolved element path is within the application/plugin view template paths. When element names are created with specifically crafted user-supplied data this weakness can be leveraged to include other PHP files on the server.
Patches
Patched releases are available in 5.3.6, 5.2.13, 5.1.7, 4.6.4, and 4.5.11.
Workarounds
If developers are not using user-supplied data in element names, no action is required.
🎯 Affected products5
- composer/cakephp/cakephp:>= 5.3.0, < 5.3.6
- composer/cakephp/cakephp:>= 5.2.0, < 5.2.13
- composer/cakephp/cakephp:>= 5.0.0, < 5.1.7
- composer/cakephp/cakephp:>= 4.6.0, < 4.6.4
- composer/cakephp/cakephp:< 4.5.11