CVE-2010-5091

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
silverstripesilverstripe
2.3.0
silverstripesilverstripe
2.3.0:rc1
silverstripesilverstripe
2.3.0:rc2
silverstripesilverstripe
2.3.0:rc3
silverstripesilverstripe
2.3.1
silverstripesilverstripe
2.3.1:rc1
silverstripesilverstripe
2.3.1:rc2
silverstripesilverstripe
2.3.2
silverstripesilverstripe
2.3.3
silverstripesilverstripe
2.3.4
silverstripesilverstripe
2.3.5
silverstripesilverstripe
2.3.6
silverstripesilverstripe
2.3.7
silverstripesilverstripe
2.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt
http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8
http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1
http://open.silverstripe.org/changeset/107273
http://open.silverstripe.org/ticket/5693
http://www.openwall.com/lists/oss-security/2012/04/30/1
http://www.openwall.com/lists/oss-security/2012/04/30/3
http://www.openwall.com/lists/oss-security/2012/05/01/3
http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt
http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8
http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1
http://open.silverstripe.org/changeset/107273
http://open.silverstripe.org/ticket/5693
http://www.openwall.com/lists/oss-security/2012/04/30/1
http://www.openwall.com/lists/oss-security/2012/04/30/3
http://www.openwall.com/lists/oss-security/2012/05/01/3