CVE-2010-5091

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:22

Type Values Removed Values Added
References () http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt - Exploit () http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt - Exploit
References () http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8 - () http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8 -
References () http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1 - () http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1 -
References () http://open.silverstripe.org/changeset/107273 - Patch () http://open.silverstripe.org/changeset/107273 - Patch
References () http://open.silverstripe.org/ticket/5693 - () http://open.silverstripe.org/ticket/5693 -
References () http://www.openwall.com/lists/oss-security/2012/04/30/1 - () http://www.openwall.com/lists/oss-security/2012/04/30/1 -
References () http://www.openwall.com/lists/oss-security/2012/04/30/3 - () http://www.openwall.com/lists/oss-security/2012/04/30/3 -
References () http://www.openwall.com/lists/oss-security/2012/05/01/3 - () http://www.openwall.com/lists/oss-security/2012/05/01/3 -

Information

Published : 2012-08-26 18:55

Updated : 2024-11-21 01:22


NVD link : CVE-2010-5091

Mitre link : CVE-2010-5091

CVE.ORG link : CVE-2010-5091


JSON object : View

Products Affected

silverstripe

  • silverstripe
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')