Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
silverstripeCMS Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2010-5091 - Vulnerability Database
silverstripeCMS

silverstripeCMS Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2010-5091

Medium
Reference: CVE-2010-5091
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-5091
Title: silverstripeCMS Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.