Description

An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.

Remediation

References

CVE-2019-11458

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9481)

WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll Unspecified Vulnerability (1.5.8.5)

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3167)

WordPress Plugin JS Support Ticket Unspecified Vulnerability (1.1.1)

Oracle JRE CVE-2013-2424 Vulnerability (CVE-2013-2424)

Severity

High

Classification

CVE-2019-11458 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities