First published: Mon Sep 17 2012
`code/sitefeatures/PageCommentInterface.php` in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Silverstripe silverstripe | =2.4.1 | |
Silverstripe silverstripe | =2.4.0 | |
Silverstripe silverstripe | =2.4.2 | |
Silverstripe silverstripe | =2.4.4 | |
Silverstripe silverstripe | =2.4.3 | |
Silverstripe silverstripe | =2.4.5 | |
composer/silverstripe/cms | >=2.4.0 <2.4.6 | 2.4.6 |