Lucene search

GitHub Advisory DatabaseGHSA-GV6C-59H4-9PMG

HistoryMay 17, 2022 - 5:22 a.m.

Silverstripe CMS Arbitrary Code Execution

2022-05-1705:22:06

CWE-20

CWE-502

GitHub Advisory Database

github.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.3%

JSON

code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.

Affected configurations

Vulners

Node

silverstriperegistryRange<2.4.6silverstripe

CPENameOperatorVersion
silverstripe/cmslt2.4.6

CPE	Name	Operator	Version
	silverstripe/cms	lt	2.4.6

References

www.openwall.com/lists/oss-security/2012/04/30/1

www.openwall.com/lists/oss-security/2012/04/30/3

github.com/advisories/GHSA-gv6c-59h4-9pmg

github.com/silverstripe/silverstripe-cms/commit/d15e8509b01ff2dbbe3028a055021a29b1065b22

nvd.nist.gov/vuln/detail/CVE-2011-4962

web.archive.org/web/20120621234353/doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.3%

JSON

Related for GHSA-GV6C-59H4-9PMG