Arbitrary Code Execution via Crafted Cookie in SilverStripe 2.4.x

CVE-2011-4962 · MEDIUM Severity

AV:N/AC:M/Au:N/C:P/I:P/A:P

code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
