Lucene search
RedhatCVELIST:CVE-2010-5091HistoryAug 26, 2012 - 6:00 p.m.
CVE-2010-5091
2012-08-2618:00:00
redhat
www.cve.org
1
silverstripe
file.php
remote authenticated users
cms author privileges
arbitrary php code
uploaded file
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.
References
dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt
doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8
doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1
open.silverstripe.org/changeset/107273
open.silverstripe.org/ticket/5693
www.openwall.com/lists/oss-security/2012/04/30/1
www.openwall.com/lists/oss-security/2012/04/30/3
www.openwall.com/lists/oss-security/2012/05/01/3
Related
prion
prion
Code injection
2012-08-26 18:55:00
cve
cve
CVE-2010-5091
2012-08-26 18:55:01
nvd
nvd
CVE-2010-5091
2012-08-26 18:55:01