CVE-2011-4962: Silverstripe CMS Arbitrary Code Execution

CVSS Score: 6.8

Basic Information

EPSS Score: 0.85212%
Published: 5/17/2022
Updated: 1/19/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| silverstripe/cms | composer | >= 2.4.0, < 2.4.6 | 2.4.6 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from using PHP's native serialize()/unserialize() on user-controlled cookie data. The patch replaced these with JSON serialization (Convert::raw2json/json2array), confirming these functions were the root cause. unserialize() on untrusted input is a well-known anti-pattern (CWE-502), and the cookie data flow (user comment -> serialize() -> cookie -> unserialize()) creates an exploit chain. The direct correlation between the vulnerability description, CWE mapping, and patched functions provides high confidence.
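
The cookie round trip described above, shown as the unsafe pattern beside a JSON-based replacement. This is an added example, not SilverStripe's code or its patch: the cookie name, field names and function names are hypothetical, and PHP's built-in `json_encode()`/`json_decode()` stand in for the `Convert` helpers so the block runs without the framework.

```php
<?php
// Added illustration; cookie name, fields and function names are hypothetical.
const DRAFT_COOKIE = 'CommentDraft';
const DRAFT_FIELDS = ['Name', 'Comment'];
const MAX_COOKIE_BYTES = 4096;

// BEFORE (the pattern the advisory describes): the cookie is client-controlled,
// and unserialize() may instantiate any loaded class and run its magic
// methods (__wakeup, __destruct) while rebuilding the value.
function loadDraftUnsafe(array $cookies): array
{
    if (!isset($cookies[DRAFT_COOKIE])) {
        return [];
    }
    return (array) unserialize($cookies[DRAFT_COOKIE]);
}

// AFTER: JSON decodes only to scalars, arrays and null, so no object is ever
// constructed. The decoded data is still untrusted and is checked per field.
function loadDraftSafe(array $cookies): array
{
    $raw = $cookies[DRAFT_COOKIE] ?? '';
    if (!is_string($raw) || $raw === '' || strlen($raw) > MAX_COOKIE_BYTES) {
        return [];
    }
    $data = json_decode($raw, true, 4);   // associative arrays, depth limit 4
    if (!is_array($data)) {
        return [];                        // malformed JSON or a bare scalar
    }
    $draft = [];
    foreach (DRAFT_FIELDS as $field) {
        if (isset($data[$field]) && is_string($data[$field])) {
            $draft[$field] = $data[$field];   // drop unknown keys, non-strings
        }
    }
    return $draft;
}

function saveDraft(array $fields): string
{
    return json_encode(array_intersect_key($fields, array_flip(DRAFT_FIELDS)));
}

// Constructed sample input: a normal round trip, then a PHP-serialized value,
// which the JSON loader rejects instead of deserializing.
$cookie = saveDraft(['Name' => 'Alice', 'Comment' => 'Nice post', 'Extra' => 'x']);
var_dump(loadDraftSafe([DRAFT_COOKIE => $cookie]));
var_dump(loadDraftSafe([DRAFT_COOKIE => serialize(['Name' => 'Alice'])]));
```

Where a legacy cookie format must still be read with `unserialize()`, passing `['allowed_classes' => false]` (PHP 7.0+) prevents object instantiation, though moving to JSON as the patch did removes the risk entirely.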

WAF Protection Rules

WAF Rule

`code/sitefeatures/PageCommentInterface.php` in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
