Candidate: CVE-2010-4335
PublicDate: 2011-01-14 23:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4335
Description:
 The _validatePost function in libs/controller/components/security.php in
 CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the
 internal Cake cache and execute arbitrary code via a crafted
 data[_Token][fields] value that is processed by the unserialize function,
 as demonstrated by modifying the file_map cache to execute arbitrary local
 files.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_cakephp:
upstream_cakephp: released (1.3.2-1.1)
dapper_cakephp: DNE
hardy_cakephp: ignored (reached end-of-life)
karmic_cakephp: ignored (reached end-of-life)
lucid_cakephp: ignored (reached end-of-life)
maverick_cakephp: ignored (reached end-of-life)
natty_cakephp: not-affected (1.3.2-1.1)
oneiric_cakephp: not-affected (1.3.2-1.1)
precise_cakephp: not-affected (1.3.2-1.1)
quantal_cakephp: not-affected (1.3.2-1.1)
raring_cakephp: not-affected (1.3.2-1.1)
saucy_cakephp: not-affected (1.3.2-1.1)
devel_cakephp: not-affected (1.3.2-1.1)