Moderate severity · NVD Advisory · Published Sep 17, 2012 · Updated Jun 16, 2026
CVE-2011-4962
Description
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| silverstripe/cms (Packagist) | >= 2.4.0, < 2.4.6 | 2.4.6 |
Affected products
- cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*
References
- www.openwall.com/lists/oss-security/2012/04/30/1 · nvd · Patch · WEB
- github.com/silverstripe/silverstripe-cms/commit/d15e850 · nvd · Exploit · Patch
- doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6 · nvd · Vendor Advisory
- github.com/advisories/GHSA-gv6c-59h4-9pmg · ghsa · ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-4962 · ghsa · ADVISORY
- www.openwall.com/lists/oss-security/2012/04/30/3 · nvd · WEB
- github.com/silverstripe/silverstripe-cms/commit/d15e8509b01ff2dbbe3028a055021a29b1065b22 · ghsa · WEB
- web.archive.org/web/20120621234353/http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6 · ghsa · WEB