silverstripe/framework code execution vulnerability

2024-05-2723:07:35

Google

osv.dev

vulnerability

code execution

viewabledata::renderwith

associative arrays

template placeholders

exploit

user input

sanitization

convert::raw2xml()

viewabledata::customise

software

7.3 High

AI Score

Confidence

High

JSON

There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placeholders. This exploit requires that user code has been written which makes use of the second argument in renderWith and where user input is passed directly as a value in an associative array without sanitisation such as Convert::raw2xml().

ViewableData::customise is not vulnerable.

CPENameOperatorVersion
silverstripe/frameworkeq4.1.0
silverstripe/frameworkeq4.0.3
silverstripe/frameworkeq4.1.0-rc2
silverstripe/frameworkeq4.1.0-rc1

Name	Operator	Version
silverstripe/framework	eq	4.1.0
silverstripe/framework	eq	4.0.3
silverstripe/framework	eq	4.1.0-rc2
silverstripe/framework	eq	4.1.0-rc1

References

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-006-1.yaml

github.com/silverstripe/silverstripe-framework

github.com/silverstripe/silverstripe-framework/commit/6f50728b185e62c0087a58b295a015cb13276911

www.silverstripe.org/download/security-releases/ss-2018-006

7.3 High

AI Score

Confidence

High

JSON