CVE-2010-4335
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
EPSS 82.6%
Description
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is passed to the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files. The root cause is deserialization of request-controlled data: unserialize() instantiates whatever object graph the submitted string describes, before the form token has been authenticated.
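The following is an added illustration, not code from CakePHP: a minimal stand-in for the vulnerable pattern (rebuilding the field list with unserialize()) next to a hardened version that carries the same list as a plain delimited string, authenticated with an HMAC under a server-side secret and verified in constant time before it is trusted. Function names, the `|` delimiter and the sample values are constructed for this example and assume PHP 7.1 or later.

```php
<?php
// Vulnerable pattern, as the advisory describes for _validatePost: the field
// list arrives in data[_Token][fields] and is rebuilt with unserialize().
// Any object graph in the submitted string is instantiated, so internal state
// (such as the cache) can be tampered with before any check runs.
function rebuildFieldsUnsafe(array $post): array
{
    return unserialize($post['_Token']['fields']); // untrusted input -> objects
}

// Hardened pattern (constructed, not CakePHP's fix): encode the field names as a
// delimited string, which cannot describe objects, and append an HMAC computed
// with a secret that never leaves the server.
function signFields(array $fields, string $secret): string
{
    $payload = implode('|', $fields); // assumes field names contain no '|'
    return $payload . ':' . hash_hmac('sha256', $payload, $secret);
}

// Verify the HMAC with a constant-time comparison before using the payload;
// a forged or tampered token yields null and the request should be rejected.
function rebuildFieldsSafe(array $post, string $secret): ?array
{
    $token = $post['_Token']['fields'] ?? '';
    $pos = strrpos($token, ':');
    if ($pos === false) {
        return null;
    }
    $payload = substr($token, 0, $pos);
    $mac = substr($token, $pos + 1);
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) {
        return null;
    }
    return $payload === '' ? [] : explode('|', $payload);
}

// Constructed sample values for a stand-alone run.
$secret = 'server-side-secret-never-sent-to-the-client';
$token  = signFields(['Post.title', 'Post.body'], $secret);

var_dump(rebuildFieldsSafe(['_Token' => ['fields' => $token]], $secret));       // two field names
var_dump(rebuildFieldsSafe(['_Token' => ['fields' => $token . 'x']], $secret)); // NULL: tampered
```

The point a reviewer should take from the pair is ordering and format: authenticate the token first, and never hand request data to a deserializer that can create objects.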
How to fix CVE-2010-4335
To remediate CVE-2010-4335, upgrade the affected package to one of the fixed versions below.
- Debian/cakephp: upgrade to 1.3.2-1.1 or later
- upgrade to 1.3.6 or later
Is CVE-2010-4335 being exploited?
Likely: with an EPSS score of 82.6%, CVE-2010-4335 sits in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- Debian/cakephp: all versions earlier than 1.3.2-1.1
- cakephp: >= 1.2.8, < 1.3.6