CVE-2011-4962

SilverStripe CMS 2.4.0-2.4.5 - Remote Code Execution via Deserialization in User Comment Cookie

Title source: llm
STIX 2.1

Description

code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.

References (4)

Core 4
Core References
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/30/1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/30/3

Scores

EPSS 0.0392
EPSS Percentile 89.1%

Details

CWE
CWE-20
Status published
Products (7)
silverstripe/cms 2.4.0 - 2.4.6Packagist
silverstripe/silverstripe 2.4.0
silverstripe/silverstripe 2.4.1
silverstripe/silverstripe 2.4.2
silverstripe/silverstripe 2.4.3
silverstripe/silverstripe 2.4.4
silverstripe/silverstripe 2.4.5
Published Sep 17, 2012
Tracked Since Feb 18, 2026