Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe vulnerabilities and exploits
(subscribe to this query)
1.9
CVSSv2
CVE-2010-5092
The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.
Silverstripe Silverstripe 2.4.0
5
CVSSv2
CVE-2010-5094
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x prior to 2.3.7 does not require ADMIN permissions, which allows remote malicious users to delete index.php and "disrupt mod_rewrite-less URL routing."
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.2
5
CVSSv2
CVE-2010-5087
SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4 allows remote malicious users to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controlle...
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.10
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.3
4.3
CVSSv2
CVE-2010-5089
SilverStripe prior to 2.4.2 does not properly restrict access to pages in draft mode, which allows remote malicious users to obtain sensitive information.
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.1.1
Silverstripe Silverstripe 2.0.1
Silverstripe Silverstripe 2.0.2
Silverstripe Silverstripe 2.0.0
Silverstripe Silverstripe 2.3.10
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.2.1
Silverstripe Silverstripe 2.1.0
Silverstripe Silverstripe
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.2.0
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.2.2
Silverstripe Silverstripe 2.2.4
2.1
CVSSv2
CVE-2012-0976
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information...
Silverstripe Silverstripe 2.4.6
4.3
CVSSv2
CVE-2010-1593
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe prior to 2.3.5 allow remote malicious users to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module prior to 0.2.5 in SilverStripe prior to 2.3.5 allo...
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.1.0
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.1.1
Silverstripe Silverstripe 2.2.2
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.0.0
Silverstripe Silverstripe 2.2.1
Silverstripe Silverstripe 2.2.4
Silverstripe Silverstripe 2.0.1
Silverstripe Silverstripe
Silverstripe Silverstripe 2.0.2
Silverstripe Silverstripe 2.2.0
7.5
CVSSv2
CVE-2008-6753
SQL injection vulnerability in SilverStripe prior to 2.2.2 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField.
Silverstripe Silverstripe 2.2.0
Silverstripe Silverstripe 2.1.1
Silverstripe Silverstripe 2.1.0
Silverstripe Silverstripe 2.0.2
Silverstripe Silverstripe 2.0.1
Silverstripe Silverstripe 2.0.0
Silverstripe Silverstripe
7.5
CVSSv2
CVE-2009-1433
SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe prior to 2.3.1 allows remote malicious users to execute arbitrary SQL commands via the filename parameter.
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.1.0
Silverstripe Silverstripe 2.0.1
Silverstripe Silverstripe 2.0.0
Silverstripe Silverstripe 2.2.2
Silverstripe Silverstripe 2.2.1
Silverstripe Silverstripe 2.2.0
Silverstripe Silverstripe 2.1.1
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe
Silverstripe Silverstripe 2.2.4
Silverstripe Silverstripe 2.0.2
10
CVSSv2
CVE-2007-2321
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors.
Silverstripe Silverstripe 2.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9