Moderate severityNVD Advisory· Published Sep 27, 2006· Updated Apr 23, 2026
CVE-2006-5031
CVE-2006-5031
Description
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cakephp/cakephpPackagist | >= 1.0.1.2708, < 1.1.8.3544 | 1.1.8.3544 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- www.gulftech.orgnvdExploitWEB
- www.securityfocus.com/bid/20150nvdExploitPatchWEB
- secunia.com/advisories/22040nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-rw73-xmpv-j5x2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2006-5031ghsaADVISORY
- cakeforge.org/frs/shownotes.phpnvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/29115nvdWEB
News mentions
0No linked articles in our index yet.