| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2010-5078 | 5.0 |
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_ver
|
29-08-2017 - 01:29 | 17-09-2012 - 17:55 | |
| CVE-2010-4823 | 4.3 |
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitra
|
29-08-2017 - 01:29 | 17-09-2012 - 17:55 | |
| CVE-2010-4824 | 6.8 |
SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via
|
29-08-2017 - 01:29 | 17-09-2012 - 17:55 | |
| CVE-2010-4822 | 4.3 |
core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.
|
18-09-2012 - 04:00 | 17-09-2012 - 17:55 | |
| CVE-2010-5087 | 5.0 |
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a
|
27-08-2012 - 21:05 | 26-08-2012 - 18:55 | |
| CVE-2010-5080 | 6.8 |
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session
|
27-08-2012 - 04:00 | 26-08-2012 - 18:55 |