| Max CVSS | 6.8 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2010-5078 | 5.0 |
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_ver
|
29-08-2017 - 01:29 | 17-09-2012 - 17:55 | |
| CVE-2010-4824 | 6.8 |
SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via
|
29-08-2017 - 01:29 | 17-09-2012 - 17:55 | |
| CVE-2010-5079 | 5.0 |
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attac
|
18-09-2012 - 04:00 | 17-09-2012 - 17:55 |