Path Traversal in CakePHP
CVE-2026-48820
CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::_getElementFileName() does not check that the resolved element…
Vulnerability class: Path Traversal (Directory Traversal)
Affected products
- CakePHP: versions >= 5.3.0, < 5.3.6; >= 5.2.0, < 5.2.13; >= 5.0.0, < 5.1.7
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)