CakePHP is vulnerable to a file inclusion attack because of its use of the
"unserialize()" function on unchecked user input. This makes it possible to
inject arbitrary objects into the scope.

Source: http://securityreason.com/securityalert/8026

PoC: http://malloc.im/burnedcake.py
_______________________________________________
Owasp-Malaysia mailing list
https://lists.owasp.org/mailman/listinfo/owasp-malaysia

OWASP Malaysia Wiki
http://www.owasp.org/index.php/Malaysia

OWASP Malaysia Wiki Facebook
http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
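
The weakness named in the message above, `unserialize()` on unchecked input, shown beside two hardened alternatives. This is an added example, not CakePHP's code and not the linked PoC; `AuditProbe`, the function names and the sample input are constructed for illustration, and PHP 7.4 or later is assumed.

```php
<?php
// Constructed stand-in for an application class with a magic method.
// Not a CakePHP class; it only records that it was instantiated.
final class AuditProbe
{
    public static array $events = [];
    public string $label = 'default';

    public function __wakeup(): void
    {
        self::$events[] = "__wakeup ran, label={$this->label}";
    }
}

// Weak pattern: the sender of $input chooses which classes are instantiated.
function loadUnsafe(string $input)
{
    return unserialize($input);
}

// Hardened, option 1: keep the format but refuse every class (PHP >= 7.0).
function loadNoObjects(string $input)
{
    return unserialize($input, ['allowed_classes' => false]);
}

// Hardened, option 2: plain data only (JSON), authenticated with an HMAC.
function packSigned(array $data, string $key): string
{
    $json = json_encode($data, JSON_THROW_ON_ERROR);
    return hash_hmac('sha256', $json, $key) . '.' . $json;
}

function loadSigned(string $input, string $key): ?array
{
    [$mac, $json] = array_pad(explode('.', $input, 2), 2, '');
    if (!hash_equals(hash_hmac('sha256', $json, $key), $mac)) {
        return null; // tampered or unsigned input is rejected before parsing
    }
    return json_decode($json, true, 16, JSON_THROW_ON_ERROR);
}

// Constructed sample input: a serialized AuditProbe with a sender-chosen property.
$input = 'O:10:"AuditProbe":1:{s:5:"label";s:9:"untrusted";}';
loadUnsafe($input);                 // builds AuditProbe and runs __wakeup()
var_dump(AuditProbe::$events);
var_dump(loadNoObjects($input));    // yields __PHP_Incomplete_Class; no AuditProbe code runs
$key = random_bytes(32);
$token = packSigned(['fields' => ['name', 'email']], $key);
var_dump(loadSigned($token, $key), loadSigned($token . 'x', $key));
```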
