NVD

Id
15590  
Name
CVE-2010-4335  
Description
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2011-01-14  
Modified Date
2011-01-22  
Seq
2010-4335  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
88229 15590 CVE-2010-4335 http://malloc.im/CakePHP-unserialize.txt  View
88230 15590 CVE-2010-4335 http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt  View
88231 15590 CVE-2010-4335 8026  View
88232 15590 CVE-2010-4335 16011  View
88233 15590 CVE-2010-4335 https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
33661 JVNDB-2011-003903 CakePHP の _validatePost 関数における内部 Cake キャッシュを変更される脆弱性 CakePHP の libs/controller/components/security.php の _validatePost 関数には、内部 Cake キャッシュを変更される、および任意のコマンドを実行される脆弱性が存在します。 CVE-2010-4335 46915 CVE-2010-4335 15590 7.5 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003903.html 2011-01-14 2012-03-27 View