CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code

CVE-2010-4335 → View on GitHub ↗ View on CVE.org ↗ View on NVD ↗

Description

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.

Basic information

Type: reviewed
Severity: high
Advisory on GitHub: Open advisory ↗
Repository advisory: —
Source code: Browse source ↗
Published (advisory): 2022-05-17 05:44:11 UTC
Updated: 2023-01-30 05:03:47 UTC
GitHub reviewed: 2023-01-14 05:29:31 UTC
NVD published: 2011-01-14

EPSS Score

Score	Percentile
82.64%	99.19%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

Type	Value
GHSA	GHSA-g2vx-8v47-4vhh ↗
CVE	CVE-2010-4335 ↗

CWEs

CWE id	Name
CWE-20	Improper Input Validation

Credits

ravage84 (analyst)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem	Package	Vulnerable range	First patched	Vulnerable functions
composer	cakephp/cakephp	>= 1.2.8, < 1.3.6	1.3.6	—

References

cvelogic Threat Intelligence