High severity7.5NVD Advisory· Published Oct 9, 2012· Updated Jun 16, 2026
CVE-2012-4399
CVE-2012-4399
Description
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cakephp/cakephpPackagist | >= 2.1.0-alpha, < 2.1.5 | 2.1.5 |
cakephp/cakephpPackagist | >= 2.2.0-beta, < 2.2.1 | 2.2.1 |
Affected products
2Patches
Vulnerability mechanics
References
9- seclists.org/bugtraq/2012/Jul/101nvdExploitMailing ListThird Party AdvisoryWEB
- www.exploit-db.com/exploits/19863nvdExploitThird Party AdvisoryVDB EntryWEB
- bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1nvdBroken LinkVendor AdvisoryWEB
- secunia.com/advisories/49900nvdBroken LinkVendor AdvisoryWEB
- github.com/advisories/GHSA-5964-pq8r-4q62ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-4399ghsaADVISORY
- www.openwall.com/lists/oss-security/2012/09/03/1nvdMailing ListWEB
- www.openwall.com/lists/oss-security/2012/09/03/2nvdMailing ListWEB
- www.osvdb.org/84042nvdBroken LinkWEB
News mentions
0No linked articles in our index yet.