CVE-2010-5091

Published: Aug 26, 2012

Modified: Sep 16, 2024

PUBLISHED

Description

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4

mailing-list

x_refsource_MLIST

http://open.silverstripe.org/ticket/5693

x_refsource_MISC

[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4

mailing-list

x_refsource_MLIST

[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4

mailing-list

x_refsource_MLIST

http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt

x_refsource_MISC

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1

x_refsource_CONFIRM

http://open.silverstripe.org/changeset/107273

x_refsource_CONFIRM

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2010-5091

Description

Affected Products

References