MEDIUM

GHSA-wpvj-hjcr-h3p2

CakePHP: View::element() is missing a path containment check

Details

### Impact

`View::_getElementFileName()` does not check that the resolved element path is within the application/plugin view template paths. When element names are built from specially crafted user-supplied data, this weakness can be leveraged to include other PHP files on the server.

### Patches

Patched releases are available in 5.3.6, 5.2.13, 5.1.7, 4.6.4, and 4.5.11.

### Workarounds

If developers are not using user-supplied data in element names, no action is required.
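For applications that do build element names from request data, the following added example (not CakePHP's patch and not code from the advisory) shows the kind of containment check the Impact section describes as missing, applied in application code before the name reaches `View::element()`. The helper name `resolveContainedElement()`, the `templates/element` layout and the sample files are assumptions constructed for the demonstration; it needs PHP 8 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not CakePHP code: map an element name to a file only
// when the resolved path stays inside an allowed element directory.
function resolveContainedElement(string $name, array $templateRoots): ?string
{
    // Allow-list the name's alphabet so separators other than "/" and
    // dot segments never reach the filesystem.
    if (preg_match('#\A[A-Za-z0-9_]+(/[A-Za-z0-9_]+)*\z#', $name) !== 1) {
        return null;
    }
    foreach ($templateRoots as $root) {
        $elementDir = realpath($root . '/element');
        if ($elementDir === false) {
            continue;
        }
        // realpath() resolves ".." and symlinks; false when the file is absent.
        $fileReal = realpath("$elementDir/$name.php");
        // Containment: the resolved file must sit under the resolved directory.
        if ($fileReal !== false
            && str_starts_with($fileReal, $elementDir . DIRECTORY_SEPARATOR)) {
            return $fileReal;
        }
    }
    return null;
}

// Constructed sample tree: one real element, one PHP file outside the root.
$base = sys_get_temp_dir() . '/element_demo_' . bin2hex(random_bytes(4));
mkdir("$base/templates/element", 0700, true);
mkdir("$base/config", 0700, true);
file_put_contents("$base/templates/element/sidebar.php", '<aside></aside>');
file_put_contents("$base/config/settings.php", '<?php // outside the root');
// A symlink inside the element directory that points outside it; the name
// passes the alphabet check, so only the realpath comparison can catch it.
$linked = @symlink("$base/config/settings.php", "$base/templates/element/linked.php");

$cases = ['sidebar', '../../config/settings', 'missing'];
if ($linked) {
    $cases[] = 'linked';
}
foreach ($cases as $case) {
    $path = resolveContainedElement($case, ["$base/templates"]);
    printf("%-24s %s\n", $case, $path === null ? 'rejected' : 'allowed');
}
```

A check like this narrows what user-supplied names can reach while an upgrade is pending; the patched releases listed above remain the fix.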


Affected packages

| Package | First affected version | Fixed version | Fix |
| --- | --- | --- | --- |
| Packagist / cakephp/cakephp | 5.3.0 | 5.3.6 | `composer require cakephp/cakephp:^5.3.6` |
| Packagist / cakephp/cakephp | 5.2.0 | 5.2.13 | `composer require cakephp/cakephp:^5.2.13` |
| Packagist / cakephp/cakephp | 5.0.0 | 5.1.7 | `composer require cakephp/cakephp:^5.1.7` |
| Packagist / cakephp/cakephp | 4.6.0 | 4.6.4 | `composer require cakephp/cakephp:^4.6.4` |
| Packagist / cakephp/cakephp | 0 | 4.5.11 | `composer require cakephp/cakephp:^4.5.11` |

References