Cakephp · Cakephp · CVE-2010-4335
**Name of the Vulnerable Software and Affected Versions**
CakePHP versions 1.2.8 through 1.3.5
**Description**
The issue allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted `data[_Token][fields]` value that is processed by the `unserialize` function. This can be demonstrated by modifying the `file_map` cache to execute arbitrary local files. The `_validatePost` function in `libs/controller/components/security.php` is the vulnerable component: it unserializes the posted field list without first verifying that the value originated from the server.
**Recommendations**
For CakePHP versions 1.2.8 through 1.3.5, consider disabling the `_validatePost` function in `libs/controller/components/security.php` until a patch is available. Restrict access to the `file_map` cache to minimize the risk of exploitation. Avoid using the `data[_Token][fields]` value in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
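The following added example (not CakePHP's own code) contrasts the unsafe pattern described above, `unserialize()` applied to a client-supplied `_Token.fields` value, with a hardened form-field check that authenticates the value with an HMAC and decodes it as JSON, so that no attacker-controlled string ever reaches `unserialize()`. The secret constant and the function names are assumptions for illustration.

```php
<?php
// Hypothetical secret; a real application loads it from configuration.
const FORM_TOKEN_SECRET = 'replace-with-a-long-random-secret';

// Vulnerable pattern (the shape behind the advisory): the posted field list
// is handed to unserialize() as-is. Every byte is attacker-controlled, so a
// crafted value can instantiate arbitrary classes and alter server state.
function validatePostVulnerable(array $post)
{
    $fields = $post['_Token']['fields'] ?? '';
    return unserialize($fields);   // untrusted input reaches unserialize()
}

// Hardened pattern: when the form is rendered, the server emits the field
// list as JSON plus an HMAC over that JSON.
function issueFieldToken(array $fieldList): string
{
    $payload = json_encode($fieldList);
    $mac = hash_hmac('sha256', $payload, FORM_TOKEN_SECRET);
    return $mac . ':' . base64_encode($payload);
}

// On submit, the HMAC is checked in constant time before anything is
// decoded; json_decode() cannot instantiate classes, so a forged or
// tampered token is rejected rather than executed.
function validatePostHardened(array $post): ?array
{
    $token = $post['_Token']['fields'] ?? '';
    if (substr_count($token, ':') !== 1) {
        return null;
    }
    [$mac, $encoded] = explode(':', $token, 2);
    $payload = base64_decode($encoded, true);
    if ($payload === false) {
        return null;
    }
    $expected = hash_hmac('sha256', $payload, FORM_TOKEN_SECRET);
    if (!hash_equals($expected, $mac)) {
        return null;   // signature mismatch: token was not issued by us
    }
    $fields = json_decode($payload, true);
    return is_array($fields) ? $fields : null;
}

// Constructed demo: a genuine token is accepted, a tampered one is refused.
$token = issueFieldToken(['Post.title', 'Post.body']);
var_dump(validatePostHardened(['_Token' => ['fields' => $token]]));
$tampered = 'deadbeef:' . base64_encode('["Post.title","Post.is_admin"]');
var_dump(validatePostHardened(['_Token' => ['fields' => $tampered]]));
```

The same principle applies to the cache layer named in the description: data that a client can influence should be authenticated before it is deserialized, and serialization formats that can instantiate objects should be avoided for client round-trips altogether.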