Description
Silverstripe CMS Arbitrary Code Execution
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
References
- https://nvd.nist.gov/vuln/detail/CVE-2011-4962
- https://github.com/silverstripe/silverstripe-cms/commit/d15e8509b01ff2dbbe3028a055021a29b1065b22
- https://web.archive.org/web/20120621234353/http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6
- http://www.openwall.com/lists/oss-security/2012/04/30/1
- http://www.openwall.com/lists/oss-security/2012/04/30/3
Packages
Name: silverstripe/cms (composer)
Affected versions: >= 2.4.0, < 2.4.6
Fixed version: 2.4.6
Related vulnerabilities
nvd
more than 13 years ago
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
debian
more than 13 years ago
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x befor ...