Vendor: Cake Software Foundation
Version: <= 126.96.36.19963
CakePHP is a RAD (Rapid Application Framework) framework for PHP which uses commonly known design patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. Unfortunately CakePHP is vulnerable to an arbitrary file access vulnerability due to unsafe use of the readfile function that allows for an attacker to read any file on the system that the webserver has read access to. This could be used to read password files or sensitive configuration data etc. An updated version of CakePHP has been released and users encouraged to upgrade their CakePHP installations as soon as possible.
Arbitrary File Access
As seen above the only sanity checks made on the "file" variable are to see if it contains a *.js file name. Of course an attacker can easily bypass this check.
The CakePHP development team have released an updated version of CakePHP to address this issue. Users are encouraged to upgrade their CakePHP installations as soon as possible.
James Bercegay of the GulfTech Security Research Team