CVE-2010-4335

Cakefoundation Cakephp < 1.3.6 - Improper Input Validation

Title source: rule

Description

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
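The flaw described above is an order-of-operations bug: attacker-controlled bytes reach unserialize() before anything has established that the token is genuine, so magic methods of whatever classes are autoloadable run whether or not the hash later matches. The PHP below is an added, reduced model written for this page, not CakePHP's own SecurityComponent code; it puts the unsafe step beside the safe ordering (authenticate the opaque blob first, then parse it with a format that cannot instantiate objects). The `<hash>:<payload>` token layout, the `Canary` class, the `APP_SECRET` value and the flat `data[field]` form layout are assumptions made for the example.

```php
<?php
// Added illustration for CVE-2010-4335 (not CakePHP's own code): a reduced
// model of a form-tamper token that is unserialize()d before its hash is
// checked, next to the order of operations that closes the hole. The
// "<hash>:<payload>" layout, the Canary class and the secret are assumptions
// made for this example; the real 1.3.x code differs in detail.

declare(strict_types=1);

const APP_SECRET = 'replace-with-a-long-random-per-app-secret'; // assumption

// Stand-in for any autoloadable class with a magic method. In the real bug the
// attacker reached framework classes whose side effects rewrote the file_map
// cache; here __wakeup() only records that it was executed.
final class Canary
{
    public static bool $woke = false;

    public function __wakeup(): void
    {
        self::$woke = true;
    }
}

// ---- Vulnerable order of operations ----------------------------------------
function validateTokenUnsafe(array $post): bool
{
    $token = urldecode($post['data']['_Token']['fields'] ?? '');
    [$hash, $lockedSerialized] = array_pad(explode(':', $token, 2), 2, '');

    // BUG: attacker-controlled bytes reach unserialize() before any integrity
    // check, so __wakeup()/__destruct() of arbitrary classes run regardless
    // of whether $hash is valid.
    $locked = unserialize($lockedSerialized);

    $expected = sha1(serialize($locked) . APP_SECRET);
    return $hash === $expected;
}

// ---- Hardened order of operations ------------------------------------------
// Token format (assumed): hex(HMAC-SHA256(secret, lockedJson)) . ':' . lockedJson
function makeToken(array $lockedFields): string
{
    $lockedJson = json_encode($lockedFields, JSON_THROW_ON_ERROR);
    return hash_hmac('sha256', $lockedJson, APP_SECRET) . ':' . $lockedJson;
}

function validateTokenSafe(array $post): bool
{
    $token = (string)($post['data']['_Token']['fields'] ?? '');
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2) {
        return false;
    }
    [$mac, $lockedJson] = $parts;

    // 1. Authenticate the opaque blob first, with a constant-time compare.
    if (!hash_equals(hash_hmac('sha256', $lockedJson, APP_SECRET), $mac)) {
        return false;
    }
    // 2. Only now parse it, using a format that cannot instantiate objects.
    //    (If the wire format must stay serialize(), PHP >= 7.0 offers
    //    unserialize($s, ['allowed_classes' => false]) instead.)
    $locked = json_decode($lockedJson, true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($locked)) {
        return false;
    }
    // 3. Enforce the lock: pinned fields must arrive with the pinned values.
    $fields = $post['data'];
    unset($fields['_Token']);
    foreach ($locked as $name => $value) {
        if (($fields[$name] ?? null) !== $value) {
            return false;
        }
    }
    return true;
}

// ---- Demonstration with constructed input ----------------------------------
// Constructed attacker request: a serialized Canary behind a bogus hash.
$attack = ['data' => ['_Token' => ['fields' => 'deadbeef:' . serialize(new Canary())],
                      'role'   => 'admin']];

Canary::$woke = false;
$r = validateTokenUnsafe($attack);
printf("unsafe: returned %s, Canary::__wakeup ran: %s\n",
       var_export($r, true), var_export(Canary::$woke, true));

Canary::$woke = false;
$r = validateTokenSafe($attack);
printf("safe:   returned %s, Canary::__wakeup ran: %s\n",
       var_export($r, true), var_export(Canary::$woke, true));

// Legitimate round trip: the form pinned role = 'user' and the client kept it.
$good = ['data' => ['_Token' => ['fields' => makeToken(['role' => 'user'])],
                    'role'   => 'user']];
printf("legit:  returned %s\n", var_export(validateTokenSafe($good), true));
```

Run it with any PHP 7.4 or later interpreter. The unsafe path rejects the forged hash but only after `Canary::__wakeup()` has already run, which is exactly the window the exploits listed below used; the hardened path never parses the payload because the HMAC fails first. When auditing other code for the same class of bug, the question to ask is not "is the token checked?" but "what has already executed by the time it is checked?".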

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · php
https://www.exploit-db.com/exploits/16902
exploitdb WORKING POC
by felix · text · webapps · php
https://www.exploit-db.com/exploits/16011
metasploit WORKING POC EXCELLENT
by tdz, Felix Wilhelm · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/cakephp_cache_corruption.rb

Scores

EPSS 0.8264
EPSS Percentile 99.2%

Details

CWE
CWE-20
Status published
Products (10)
cakefoundation/cakephp 1.3.0
cakephp/cakephp 1.2.8
cakephp/cakephp 1.3 dev
cakephp/cakephp 1.3.0 alpha (6 CPE variants)
cakephp/cakephp 1.3.1
cakephp/cakephp 1.3.2
cakephp/cakephp 1.3.3
cakephp/cakephp 1.3.4
cakephp/cakephp 1.3.5
cakephp/cakephp 1.2.8 - 1.3.6 (Packagist)
Published Jan 14, 2011
Tracked Since Feb 18, 2026