CVE-2011-4962
Published 2012-09-17
Priority P337 | medium | 6.8 CVSS 2.0
CVSS vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.92% (89.0th percentile)
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silverstripe | cms | >= 2.4.0 < 2.4.6 | 2.4.6 |
| silverstripe | silverstripe | — | — |
| silverstripe | silverstripe | — | — |
| silverstripe | silverstripe | — | — |
| silverstripe | silverstripe | — | — |
| silverstripe | silverstripe | — | — |
| silverstripe | silverstripe | — | — |
OSV
Silverstripe CMS Arbitrary Code Execution
osv·2022-05-17
CVE-2011-4962 [MEDIUM] Silverstripe CMS Arbitrary Code Execution
`code/sitefeatures/PageCommentInterface.php` in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
GHSA
Silverstripe CMS Arbitrary Code Execution
ghsa·2022-05-17
CVE-2011-4962 [MEDIUM] CWE-20 Silverstripe CMS Arbitrary Code Execution
`code/sitefeatures/PageCommentInterface.php` in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6
http://www.openwall.com/lists/oss-security/2012/04/30/1
http://www.openwall.com/lists/oss-security/2012/04/30/3
https://github.com/silverstripe/silverstripe-cms/commit/d15e850