[Owasp-Malaysia] CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability

C0r3 Machin3gun c0r3machin3gun at gmail.com
Tue Jan 18 03:19:52 EST 2011


CakePHP is vulnerable to a file inclusion attack because of its use of the
"unserialize()" function on unchecked user input. This makes it possible to
inject arbitrary objects into the scope.

Source: http://securityreason.com/securityalert/8026

PoC: http://malloc.im/burnedcake.py
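The post names the unsafe pattern (user input fed straight to `unserialize()`) but not the remedy. The following is an added example, not code from the post or from CakePHP, that places the unsafe call beside a hardened wrapper; the function names are assumptions for illustration, and the `allowed_classes` option requires PHP 7.0 or newer, so on the PHP versions current at the time of this advisory the only robust fix is to stop accepting serialized data from the client at all (JSON is the usual replacement).

```php
<?php
// Added example, not CakePHP's code. Function names are assumptions.

// Unsafe: untrusted data goes straight to unserialize(). Any class the
// application has loaded can be instantiated from the input, and its
// __wakeup()/__destruct() hooks run before the caller ever sees the value.
function loadStateUnsafe(string $raw)
{
    return unserialize($raw);
}

// Returns true if an object appears anywhere in a decoded value.
function containsObject($value): bool
{
    if (is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (containsObject($item)) {
                return true;
            }
        }
    }
    return false;
}

// Hardened (PHP >= 7.0): forbid object instantiation entirely, then reject
// the result if the input still carried an object (it is returned as
// __PHP_Incomplete_Class rather than the class the input asked for).
function loadStateSafe(string $raw)
{
    $value = unserialize($raw, ['allowed_classes' => false]);
    if ($value === false && $raw !== 'b:0;') {
        throw new InvalidArgumentException('malformed serialized input');
    }
    if (containsObject($value)) {
        throw new InvalidArgumentException('objects are not accepted here');
    }
    return $value;
}

// Constructed sample input: an array that smuggles in an object.
$untrusted = 'a:1:{s:4:"user";O:8:"stdClass":0:{}}';
try {
    loadStateSafe($untrusted);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n"; // rejected: objects are not accepted here
}
```

If the data does not need to be a PHP structure at all, `json_decode($raw, true)` removes the whole class of problem, since JSON has no notion of objects with behaviour.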