VYPR
Moderate severityNVD Advisory· Published Sep 17, 2012· Updated Jun 16, 2026

CVE-2011-4962

CVE-2011-4962

Description

code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
silverstripe/cmsPackagist
>= 2.4.0, < 2.4.62.4.6

Affected products

7
  • cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2.4.0, < 2.4.6

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.