2 matches found
CVE-2010-5091
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file...
CVE-2010-5091
The CVE-2010-5091 vulnerability affects SilverStripe 2.3.x (before 2.3.8) and 2.4.x (before 2.4.1), where the setName function in filesystem/File.php allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing an uploaded file’s extension. Root cause: in...