Moderate severityNVD Advisory· Published Sep 17, 2012· Updated Apr 29, 2026
CVE-2011-4962
CVE-2011-4962
Description
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
silverstripe/cmsPackagist | >= 2.4.0, < 2.4.6 | 2.4.6 |
Affected products
6cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*
Patches
2d15e8509b01fSECURITY Using JSON instead of serialize() to stringify user data in PageCommentsInterface
1 file changed · +3 −3
code/sitefeatures/PageCommentInterface.php+3 −3 modified@@ -222,7 +222,7 @@ function PostCommentForm() { foreach($fields as $field) { if(!$field instanceof HiddenField) $visibleFields[] = $field->Name(); } - $form->loadDataFrom(unserialize($cookie), false, $visibleFields); + $form->loadDataFrom(Convert::json2array($cookie), false, $visibleFields); } return $form; @@ -272,7 +272,7 @@ function DeleteAllLink() { */ class PageCommentInterface_Form extends Form { function postcomment($data) { - Cookie::set("PageCommentInterface_Data", serialize($data)); + Cookie::set("PageCommentInterface_Data", Convert::raw2json($data)); // Spam filtering if(SSAkismet::isEnabled()) { @@ -333,7 +333,7 @@ function postcomment($data) { $comment->write(); unset($data['Comment']); - Cookie::set("PageCommentInterface_Data", serialize($data)); + Cookie::set("PageCommentInterface_Data", Convert::raw2json($data)); $moderationMsg = _t('PageCommentInterface_Form.AWAITINGMODERATION', "Your comment has been submitted and is now awaiting moderation.");
d15e850Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- www.openwall.com/lists/oss-security/2012/04/30/1nvdPatchWEB
- github.com/silverstripe/silverstripe-cms/commit/d15e850nvdExploitPatch
- doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6nvdVendor Advisory
- github.com/advisories/GHSA-gv6c-59h4-9pmgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-4962ghsaADVISORY
- www.openwall.com/lists/oss-security/2012/04/30/3nvdWEB
- github.com/silverstripe/silverstripe-cms/commit/d15e8509b01ff2dbbe3028a055021a29b1065b22ghsaWEB
- web.archive.org/web/20120621234353/http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6ghsaWEB
News mentions
0No linked articles in our index yet.