| Max CVSS | 6.0 | Min CVSS | 1.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2010-5187 | 4.3 |
SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders
|
27-08-2012 - 04:00 | 26-08-2012 - 18:55 | |
| CVE-2010-5091 | 6.0 |
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.
|
27-08-2012 - 04:00 | 26-08-2012 - 18:55 | |
| CVE-2010-5092 | 1.9 |
The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.
|
27-08-2012 - 04:00 | 26-08-2012 - 18:55 |