code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-09-17 10:55
Updated : 2012-09-17 21:00
NVD link : CVE-2011-4962
Mitre link : CVE-2011-4962
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
silverstripe
- silverstripe