CVE-2011-4962

code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*

Information

Published : 2012-09-17 10:55

Updated : 2012-09-17 21:00


NVD link : CVE-2011-4962

Mitre link : CVE-2011-4962


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

silverstripe

  • silverstripe