Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe silverstripe 2.4.0 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2010-4822
core/model/MySQLDatabase.php in SilverStripe 2.4.x prior to 2.4.4, when the site is running in "live mode," allows remote malicious users to obtain the SQL queries for a page via the showqueries and ajax parameters.
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.1
6.8
CVSSv2
CVE-2011-4962
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x prior to 2.4.6 might allow remote malicious users to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.4
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.5
4.3
CVSSv2
CVE-2010-5187
SilverStripe 2.3.x prior to 2.3.8 and 2.4.x prior to 2.4.1, when running on servers with certain configurations, allows remote malicious users to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the ...
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.4
6
CVSSv2
CVE-2010-5091
The setName function in filesystem/File.php in SilverStripe 2.3.x prior to 2.3.8 and 2.4.x prior to 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.6
1.9
CVSSv2
CVE-2010-5092
The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.
Silverstripe Silverstripe 2.4.0
6.8
CVSSv2
CVE-2010-5088
Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x prior to 2.3.9 and 2.4.x prior to 2.4.3 allow remote malicious users to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087.
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.7
4.3
CVSSv2
CVE-2010-4823
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4, when custom error handling is not used, allows remote malicious users to inject arbitrary web script or HTM...
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.1
6.8
CVSSv2
CVE-2010-4824
SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4, when the Translatable extension is enabled, allows remote malicious users to execute arbitrary SQL commands via the locale parameter...
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.3
5
CVSSv2
CVE-2010-5078
SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silv...
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.2
5
CVSSv2
CVE-2010-5079
SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote malicious users to by...
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »