Description
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
Remediation
References