5 matches found
CakePHP Cache Corruption Code Execution (CVE-2010-4335)
A remote code execution vulnerability exists in CakePHP. The vulnerability is due to the way the security component of CakePHP fails to validate user input. A remote attacker can exploit this issue by sending a specially crafted HTTP request...
CVE-2010-4335
The validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted dataTokenfields value that is processed by the unserialize function, as demonstrated by...
CVE-2010-4335
The validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted dataTokenfields value that is processed by the unserialize function, as demonstrated by...
CVE-2010-4335
CakePHP 1.2.8 and 1.3.x up to 1.3.5 are affected. The _validatePost function in libs/controller/components/security.php processes a crafted data[_Token][fields] value with unserialize, allowing remote attackers to modify the internal Cake cache and execute arbitrary code (demonstrated via modifyi...
CVE-2010-4335
creationtimestamp| type| source ---|---|--- 2011-01-14 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16902 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/cakephpcachecorruption.rb 2025-02-06 03:13:40+00:00|...