VYPR
Moderate severityNVD Advisory· Published Sep 27, 2006· Updated Jun 16, 2026

CVE-2006-5031

CVE-2006-5031

Description

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cakephp/cakephpPackagist
>= 1.0.1.2708, < 1.1.8.35441.1.8.3544

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.