CVE-2010-4335 in CakePHPinfo

Zusammenfassung (Englisch)

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservieren

30.11.2010

Veröffentlichung

14.01.2011

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
56088	Cakefoundation CakePHP Cache unserialize erweiterte Rechte	20	High	Offizieller Fix	CVE-2010-4335

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

MITRE
NVD
CVE Details

◂ ZurückÜbersichtWeiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!