Max CVSS | 7.5 | Min CVSS | 6.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2011-4959 | 6.8 |
SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unsp
|
15-10-2012 - 04:00 | 17-09-2012 - 17:55 | |
CVE-2011-4961 | 6.0 |
SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected g
|
15-10-2012 - 04:00 | 17-09-2012 - 17:55 | |
CVE-2011-4962 | 6.8 |
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
|
18-09-2012 - 04:00 | 17-09-2012 - 17:55 | |
CVE-2011-4960 | 7.5 |
SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
18-09-2012 - 04:00 | 17-09-2012 - 17:55 |