Vulnerability Details CVE-2011-4962
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.2%
CVSS Severity
CVSS v2 Score 6.8
References
- http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6
- http://www.openwall.com/lists/oss-security/2012/04/30/1
- http://www.openwall.com/lists/oss-security/2012/04/30/3
- https://github.com/silverstripe/silverstripe-cms/commit/d15e850
- http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6
- http://www.openwall.com/lists/oss-security/2012/04/30/1
- http://www.openwall.com/lists/oss-security/2012/04/30/3
- https://github.com/silverstripe/silverstripe-cms/commit/d15e850
Products affected by CVE-2011-4962
-
cpe:2.3:a:silverstripe:silverstripe:2.4.0
-
cpe:2.3:a:silverstripe:silverstripe:2.4.1
-
cpe:2.3:a:silverstripe:silverstripe:2.4.2
-
cpe:2.3:a:silverstripe:silverstripe:2.4.3
-
cpe:2.3:a:silverstripe:silverstripe:2.4.4
-
cpe:2.3:a:silverstripe:silverstripe:2.4.5