{"id":"CVE-2006-5031","details":"Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with \"%00\" and a .js filename.","aliases":["GHSA-rw73-xmpv-j5x2"],"modified":"2026-04-10T03:37:48.732101Z","published":"2006-09-27T23:07:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/22040"},{"type":"EVIDENCE","url":"http://www.gulftech.org/?node=research&article_id=00114-09212006"},{"type":"EVIDENCE","url":"http://www.securityfocus.com/bid/20150"},{"type":"FIX","url":"http://www.securityfocus.com/bid/20150"},{"type":"WEB","url":"http://cakeforge.org/frs/shownotes.php?release_id=134"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/29115"}],"schema_version":"1.7.5"}