CVE-2011-4962

code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.

Published: Sep 17, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-4962
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
silverstripe / silverstripe	2.4.1	2.4.1.x
silverstripe / silverstripe	2.4.0	2.4.0.x
silverstripe / silverstripe	2.4.2	2.4.2.x
silverstripe / silverstripe	2.4.4	2.4.4.x
silverstripe / silverstripe	2.4.3	2.4.3.x
silverstripe / silverstripe	2.4.5	2.4.5.x

http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6
http://www.openwall.com/lists/oss-security/2012/04/30/1
http://www.openwall.com/lists/oss-security/2012/04/30/3
https://github.com/silverstripe/silverstripe-cms/commit/d15e850

Vulnerability Database

CVE-2011-4962