N/A

CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.

N/A

N/A

CakePHP敏感信息泄露漏洞

CakePHP是美国Cake软件基金会的一个基于MVC架构的、开源的Web开发框架。该框架具有灵活的视图缓存、自动生成CRUD代码等功能。 CakePHP 1.3.7版本中存在漏洞。由于在错误信息中揭露了安装路径，远程攻击者可借助直接请求.php文件获得敏感信息，该漏洞已在dispatcher.php和某些其他文件中证实。

N/A

N/A