Skip to main content

CakePHP security issue - even in thechaw.com (written by core dev)

CakePHP security issue



Recently I have stumbled upon thechaw.com--written by CakePHP core dev and developed in CakePHP. I just wanted to check if they have fixed the old security issue in CakePHP and found that the issue is still open.

Proof of concept


CakePHP Security Issue

CakePHP memory error



In another time, found a famous memory error even in bakery.cakephp.org

CakePHP memory error

Bottom line



CakePHP is open source and so you can fix these issues by yourself
Labels:

Comments

Post a Comment

Popular posts from this blog

Open source resume templates with JSON-LD (SEO-friendly) support

I don't usually keep track of the projects that I worked on. I have been recently advised to keep resume updated with the projects list. And so I have searched for resume templates and tools. Indian resume Vs International resume During the process, I have found that there are vast differences between the format of Indian resumes and International resumes. Indian resumes are extremely verbose with number of projects, team size, client name, etc. whereas international format is more succinct and short. So I was kind of lost in the process in adopting the template. LinkedIn to the rescue? No. Unfortunately, LinkedIn format is "common" and is not easy to update. Moreover, these days LinkedIn has become signupware [sic] and so accessing resume is a nightmare. Enter JSON Resume JSON Resume is an awesome open source approach for creating resume. I accidentally came across while searching for JSON-LD format for resume. Couple of great features: Resume hosting (op...
Post a Comment
Read more

Anna Hazare hype, irresponsibile media?

In recent times, barkhagate scam clearly shows that the Indian media is much corrupt than the politicians. They give unnecessary hype to certain things to get TRP . Ever since Anna has gone compared himself with Gandhi and Shivaji , it was clear that he's trying to draw politicians attention. It was a clean tactic than what Medha Patkar or any maoists couldn't get such hype. The TwitGens [sic] can't really understand how a Lokpal (ombudsman) system can even be corrupt; remember that the author of Savaukku did quit from DVAC (Directorate of Vigilance and Anti-Corruption). Economic Times article on this issue shares my views; I don't understand why they couldn't get such views published in Times of India. I think, we can't expect anything good from the media that's vehemently pushing AIADMK. Will Lok Pal be a Super Bureaucrat? Anna Hazare: Was Lok Pal protest compatible with constitutional democracy?
Post a Comment
Read more

How girls ruin...?

மது, à®®ாது, சூது (liquor, girl, crookedness) - Tamil tantras list down one's reason for fall/collapse. In recent times, I'm hearing many relational breakups and personal collapse due to "girl". Some even seem to have damaged career, business, friends, family, etc. I'm thinking, how come such girls are getting cabal and ruin things... Not to blame it on them--but to blame it on guys...
Post a Comment
Read more