The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is process…
[cakephp/cakephp] CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.
References
https://nvd.nist….
[spree] Spree does not properly restrict the use of a hash to provide values for a model’s attributes
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model’s attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a “mass assignment” vuln…
[spree_auth_devise] spree_auth_devise allows remote authenticated users to assign arbitrary roles to themselves
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.
References
https…
[cakephp/cakephp] CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
References
https://nvd.nist.gov/v…
[sup] Sup Code Injection vulnerability
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
References
https://nvd.nist.gov/vuln/detail/CVE-2013-4478
https://github.com/sup-heli…
[fat_free_crm] Fat Free CRM vulnerable to Exposure of Sensitive Information
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224.
References
…
[fat_free_crm] Fat Free CRM has fixed token value
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.
References
…
[fat_free_crm] Fat Free CRM contains Cross-site Request Forgery vulnerablilities
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controlle…
[fat_free_crm] Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
References
https://nvd.nist.gov/vuln/detail/CVE-2013-72…