CVE-2010-5091

N/A Unknown

Published: August 26, 2012 Modified: April 29, 2026

Description

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt

Source: secalert@redhat.com

Exploit

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8

Source: secalert@redhat.com

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1

Source: secalert@redhat.com

http://open.silverstripe.org/changeset/107273

Source: secalert@redhat.com

Patch

http://open.silverstripe.org/ticket/5693

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/04/30/1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/04/30/3

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/01/3

Source: secalert@redhat.com

http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt