GitHub Advisory Database: GHSA-G2VX-8V47-4VHH
History: May 17, 2022 - 5:44 a.m.

CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code

Published: 2022-05-17 05:44:11
CWE: CWE-20
Source: GitHub Advisory Database (github.com)
Tags: cakephp, remote attackers, modify internal cache, execute arbitrary code, security vulnerability

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.922 (Percentile: 99.0%)

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
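As an added illustration (not CakePHP's code and not its actual patch), the two functions below contrast the pattern the advisory describes, a form-token field list decoded with unserialize() straight from the POST body, with a hardened version that signs the list with an HMAC, verifies it before decoding, and carries it as JSON so no PHP object can be materialised from request data. The $secret value and the function names are assumptions for the demo.

```php
<?php
// Added illustration, not CakePHP's own code. $secret and the function names
// are assumptions for this demo.

// Server-side secret (assumption: loaded from configuration, never sent to clients).
$secret = 'server-side-secret-for-demo';

// Vulnerable pattern: the "fields" value is taken from the POST body and handed
// to unserialize(), so the client fully controls the resulting PHP value.
function fields_from_request_vulnerable(array $post)
{
    return unserialize($post['data']['_Token']['fields']); // attacker-controlled input
}

// Hardened pattern, step 1: when the form is rendered, the server signs the
// field list it emitted, so any later change to the blob breaks the MAC.
function sign_fields(array $fields, string $secret): string
{
    $blob = json_encode($fields);
    return hash_hmac('sha256', $blob, $secret) . ':' . $blob;
}

// Hardened pattern, step 2: on submit, recompute the MAC over the received blob
// in constant time, reject anything that does not verify, and decode as plain
// JSON data (no object instantiation is possible, unlike unserialize()).
function fields_from_request_hardened(array $post, string $secret): ?array
{
    $token = $post['data']['_Token']['fields'] ?? '';
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2) {
        return null; // malformed token
    }
    [$mac, $blob] = $parts;
    if (!hash_equals(hash_hmac('sha256', $blob, $secret), $mac)) {
        return null; // tampered or forged token
    }
    $fields = json_decode($blob, true);
    return is_array($fields) ? $fields : null;
}

// Constructed requests: a legitimate submission and one whose token was tampered with.
$good = ['data' => ['_Token' => ['fields' => sign_fields(['name', 'email'], $secret)]]];
$bad  = ['data' => ['_Token' => ['fields' => 'deadbeef:' . json_encode(['name'])]]];

var_dump(fields_from_request_hardened($good, $secret)); // legitimate token
var_dump(fields_from_request_hardened($bad, $secret));  // tampered token
```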

Affected configurations

Vulners
Node: cakephp / cakephp, Range: 1.2.8 to 1.3.6

Vendor    Product   Version   CPE
cakephp   cakephp   *         cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*
