| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2010-5078 | 5.0 |
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_ver
|
29-08-2017 - 01:29 | 17-09-2012 - 17:55 | |
| CVE-2010-4823 | 4.3 |
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitra
|
29-08-2017 - 01:29 | 17-09-2012 - 17:55 | |
| CVE-2010-4824 | 6.8 |
SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via
|
29-08-2017 - 01:29 | 17-09-2012 - 17:55 | |
| CVE-2010-5079 | 5.0 |
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attac
|
18-09-2012 - 04:00 | 17-09-2012 - 17:55 | |
| CVE-2010-4822 | 4.3 |
core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.
|
18-09-2012 - 04:00 | 17-09-2012 - 17:55 |