An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nMnZ4LTh2NDctNHZoaM4AAgCu
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
_validatePost function in
libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted
data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the
file_map cache to execute arbitrary local files.
Source: GitHub Advisory Database
Published: over 1 year ago
Updated: 8 months ago
Identifiers: GHSA-g2vx-8v47-4vhh, CVE-2010-4335
Fixed in: 1.3.6