Description
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.
References (8)
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/05/01/3
Various Sources (x_refsource_misc): http://open.silverstripe.org/ticket/5693
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/04/30/1
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/04/30/3
Exploit (x_refsource_misc): http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt
Various Sources (x_refsource_confirm): http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1
Patch (x_refsource_confirm): http://open.silverstripe.org/changeset/107273
Various Sources (x_refsource_confirm): http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8
Scores
EPSS: 0.0137
EPSS Percentile: 68.6%
Details
CWE: CWE-94
Status: published
Products (9)
silverstripe/silverstripe 2.3.0 (4 CPE variants)
silverstripe/silverstripe 2.3.1 (3 CPE variants)
silverstripe/silverstripe 2.3.2
silverstripe/silverstripe 2.3.3
silverstripe/silverstripe 2.3.4
silverstripe/silverstripe 2.3.5
silverstripe/silverstripe 2.3.6
silverstripe/silverstripe 2.3.7
silverstripe/silverstripe 2.4.0
Published: Aug 26, 2012
Tracked Since: Feb 18, 2026