exploitDog

CVE-2010-4335

Published: 14 Jan 2011
Source: nvd
CVSS2: 7.5
EPSS: High

Description

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:cakefoundation:cakephp:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.3:dev:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.3.0:alpha:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.3.0:beta:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.3.0:rc4:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:1.3.5:*:*:*:*:*:*:*

EPSS

Percentile: 99%
0.82639
High

7.5 High

CVSS2

Weaknesses

CWE-20

Related vulnerabilities

ubuntu
almost 15 years ago

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.

debian
almost 15 years ago

The _validatePost function in libs/controller/components/security.php ...

github
more than 3 years ago

CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
