CakePHP Xml class SSRF Vulnerability

Posted by Takeshi Terada on Oct 15

=============================================================================
Title : CakePHP Xml class SSRF Vulnerability
CVE Number : N/A (not assigned)
Affected Software : Confirmed on CakePHP v3.0.5 (prior versions may
also be affected)
Credit : Takeshi Terada of Mitsui Bussan Secure Directions, Inc.
http://www.mbsd.jp/
Issue Status : v3.0.6/2.6.6 was released which fixes this issue…

007 Software

CakePHP Xml class SSRF Vulnerability

Software and Security Information