Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4335 — Improper Input Validation in Cakephp

CWE-20 — Improper Input Validation8 documents6 sources

Severity

7.5HIGHNVD

EPSS

82.6%

top 0.76%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cakephp Debian Cakephp Cakefoundation Cakephp

Timeline

PublishedJan 14

Latest updateMay 17

Description

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

▶debiandebian/cakephp< cakephp 1.3.2-1.1 (bullseye)

▶Packagistcakephp/cakephp1.2.8 — 1.3.6

▶Debiancakephp/cakephp< 1.3.2-1.1

▶NVDcakephp/cakephp8 versions+7

▶NVDcakefoundation/cakephp1.3.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code↗2022-05-17

▶

OSV

CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code↗2022-05-17

▶

OSV

CVE-2010-4335: The _validatePost function in libs/controller/components/security↗2011-01-14

▶

💥Exploits & PoCs

Exploit-DB

CakePHP 1.3.5/1.2.8 - 'Unserialize()' File Inclusion↗2011-01-18

▶

Exploit-DB

CakePHP 1.3.5/1.2.8 - Cache Corruption (Metasploit)↗2011-01-14

▶

Metasploit

CakePHP Cache Corruption Code Execution↗

▶

📋Vendor Advisories

Debian

CVE-2010-4335: cakephp - The _validatePost function in libs/controller/components/security.php in CakePHP...↗2010

▶