vendor:
CakePHP
by:
tdz, Felix Wilhelm
6.8
CVSS
MEDIUM
Unserialize Attack
502
CWE
Product Name: CakePHP
Affected Version From: CakePHP <= 1.3.5 / 1.2.8
Affected Version To: CakePHP <= 1.3.5 / 1.2.8
Patch Exists: YES
Related CWE: CVE-2010-4335
CPE: a:cakephp:cakephp
Metasploit:
N/A
Other Scripts:
https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/unix/webapp/cakephp_cache_corruption, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/admin/http/jboss_deploymentfilerepository, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/http/exchange_proxylogon_rce
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2010
CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit
CakePHP is a popular PHP framework for building web applications. The Security component of CakePHP is vulnerable to an unserialize attack which could be abused to allow unauthenticated attackers to execute arbitrary code with the permissions of the webserver.
Mitigation:
Upgrade to CakePHP version 1.3.6 or 1.2.9