Vulnerability Details : CVE-2010-4335
Public exploit exists!
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
Vulnerability category: Input validation, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2010-4335
Probability of exploitation activity in the next 30 days: 92.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 %
Metasploit modules for CVE-2010-4335
- CakePHP Cache Corruption Code Execution
  Disclosure Date: 2010-11-15
  First seen: 2020-04-26
  exploit/unix/webapp/cakephp_cache_corruption
  CakePHP is a popular PHP framework for building web applications. The Security component of CakePHP versions 1.3.5 and earlier and 1.2.8 and earlier is vulnerable to an unserialize attack which could be abused to allow unauthenticated attackers to execute arbitrary
CVSS scores for CVE-2010-4335
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2010-4335
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4335
- http://packetstormsecurity.org/files/view/95847/burnedcake.py.txt
  CakePHP 1.3.5 / 1.2.8 Cache Corruption ≈ Packet Storm (Exploit)
- http://securityreason.com/securityalert/8026
  CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability - CXSecurity.com
- http://www.exploit-db.com/exploits/16011
  CakePHP 1.3.5/1.2.8 - 'Unserialize()' File Inclusion - PHP webapps Exploit
- https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
  Fixing issue found by Felix Wilhelm(flxm) where users could send pote… · cakephp/cakephp@e431e86 · GitHub (Patch)
- http://malloc.im/CakePHP-unserialize.txt
  (Exploit)
Products affected by CVE-2010-4335
- cpe:2.3:a:cakefoundation:cakephp:1.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.3.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.3.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.3.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.3.0:beta:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.3:dev:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cakefoundation:cakephp:1.3.1:*:*:*:*:*:*:*