CVE-2019-11458
HIGHCakePHP 3.7.6 - Arbitrary File Write via Unserialized Object in SmtpTransport
Title source: llmDescription
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.
References (5)
Core 5
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/cakephp/cakephp/releases
Patch, Third Party Advisory x_refsource_misc
https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7
Patch, Third Party Advisory x_refsource_misc
https://github.com/cakephp/cakephp/commits/master
Third Party Advisory x_refsource_confirm
https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.html
Patch, Third Party Advisory x_refsource_confirm
https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e
Scores
CVSS v3
7.5
EPSS
0.0206
EPSS Percentile
78.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-502
Status
published
Products (2)
cakephp/cakephp
3.7.6
cakephp/cakephp
3.0.0 - 3.5.18Packagist
Published
May 08, 2019
Tracked Since
Feb 18, 2026