Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe admin vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-38724
Silverstripe silverstripe/framework up to and including 4.11.0, silverstripe/assets up to and including 1.11.0, and silverstripe/asset-admin up to and including 1.11.0 allow XSS.
Silverstripe Asset Admin
Silverstripe Assets
Silverstripe Framework
4.3
CVSSv3
CVE-2023-49783
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch before 1.13.19 and on the 2.x branch before 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or d...
Silverstripe Admin
NA
CVE-2011-4958
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe prior to 2.3.13 and 2.4.x prior to 2.4.6 allows remote malicious users to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a reque...
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.10
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe
Silverstripe Silverstripe 2.4.4
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.11
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.4.5
1 EDB exploit
NA
CVE-2010-5090
SilverStripe prior to 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security.
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.10
Silverstripe Silverstripe 2.1.0
Silverstripe Silverstripe 2.2.0
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.2.2
Silverstripe Silverstripe 2.0.0
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe
Silverstripe Silverstripe 2.2.4
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.2.1
Silverstripe Silverstripe 2.1.1
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.0.2
Silverstripe Silverstripe 2.0.1
Silverstripe Silverstripe 2.3.2
NA
CVE-2011-4961
SilverStripe 2.3.x prior to 2.3.12 and 2.4.x prior to 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups.
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.10
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.11
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.4
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.4.5
NA
CVE-2010-5094
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x prior to 2.3.7 does not require ADMIN permissions, which allows remote malicious users to delete index.php and "disrupt mod_rewrite-less URL routing."
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.2
6.1
CVSSv3
CVE-2015-8606
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework prior to 3.1.16 and 3.2.x prior to 3.2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/fie...
Silverstripe Silverstripe 3.2.0
Silverstripe Silverstripe
6.1
CVSSv3
CVE-2017-14498
SilverStripe CMS prior to 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS...
Silverstripe Silverstripe
5.4
CVSSv3
CVE-2019-14272
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
Silverstripe Silverstripe
9.8
CVSSv3
CVE-2019-12204
In SilverStripe up to and including 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
Silverstripe Silverstripe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »