Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2011-4962
cve-2011-4962
silverstripe
remote code execution
deserialization
security vulnerability
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.026 Low
EPSS
Percentile
90.3%
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
Affected configurations
Node
silverstripesilverstripeMatch2.4.0
ORsilverstripesilverstripeMatch2.4.1
ORsilverstripesilverstripeMatch2.4.2
ORsilverstripesilverstripeMatch2.4.3
ORsilverstripesilverstripeMatch2.4.4
ORsilverstripesilverstripeMatch2.4.5
References
Social References
More
Related
prion
prion
Code injection
2012-09-17 17:55:00
osv
osv
Silverstripe CMS Arbitrary Code Execution
2022-05-17 05:22:06
nvd
nvd
CVE-2011-4962
2012-09-17 17:55:02
cvelist
cvelist
CVE-2011-4962
2022-10-03 16:15:13
github
github
Silverstripe CMS Arbitrary Code Execution
2022-05-17 05:22:06
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.026 Low
EPSS
Percentile
90.3%
Related for CVE-2011-4962