CVE-2011-3712
medium
CVSS v3
—
CVSS v2
5.0
VIR risk
5.0
Description
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | cakephp/cakephp | >=1.3.7,<1.3.8 | 1.3.8 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cakephp | cakephp | 1.3.7 | |
References
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.