Lucene search

RedhatCVELIST:CVE-2011-4962

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-4962

2022-10-0316:15:13

redhat

www.cve.org

vulnerability

silverstripe

remote code execution

crafted cookie

deserialization

7.5 High

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.3%

JSON

code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.

References

doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6

www.openwall.com/lists/oss-security/2012/04/30/1

www.openwall.com/lists/oss-security/2012/04/30/3

github.com/silverstripe/silverstripe-cms/commit/d15e850