CVE-2006-5031

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2006-5031

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2006-5031.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2006-5031

Aliases

GHSA-rw73-xmpv-j5x2

Downstream

DEBIAN-CVE-2006-5031

Withdrawn

2026-01-27T04:07:27.529708Z

Published

2006-09-27T23:07:00Z

Modified

2026-01-27T04:07:27.529708Z

Summary

[none]

Details

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.

References

http://secunia.com/advisories/22040
http://www.gulftech.org/?node=research&article_id=00114-09212006
http://www.securityfocus.com/bid/20150
http://cakeforge.org/frs/shownotes.php?release_id=134
https://exchange.xforce.ibmcloud.com/vulnerabilities/29115

CVE-2006-5031

Affected packages