Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-10077
A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can b...
Webbuildersgroup Silverstripe-kapost-bridge
9.8
CVSSv3
CVE-2019-12204
In SilverStripe up to and including 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
Silverstripe Silverstripe
9.8
CVSSv3
CVE-2019-12149
SQL injection vulnerability in silverstripe/restfulserver module 1.0.x prior to 1.0.9, 2.0.x prior to 2.0.4, and 2.1.x prior to 2.1.2 and silverstripe/registry module 2.1.x prior to 2.1.1 and 2.2.x prior to 2.2.1 allows malicious users to execute arbitrary SQL commands.
Silverstripe Restfulserver
Silverstripe Registry
9.8
CVSSv3
CVE-2019-5715
All versions of SilverStripe 3 before 3.6.7 and 3.7.3, and all versions of SilverStripe 4 before 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject.
Silverstripe Silverstripe 4.3.0
Silverstripe Silverstripe
8.8
CVSSv3
CVE-2022-38148
Silverstripe silverstripe/framework up to and including 4.11 allows SQL Injection.
Silverstripe Framework
8.8
CVSSv3
CVE-2020-9309
Silverstripe CMS up to and including 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to ex...
Silverstripe Mimevalidator
Silverstripe Recipe
8.8
CVSSv3
CVE-2019-12437
In SilverStripe up to and including 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
Silverstripe Silverstripe
7.5
CVSSv3
CVE-2023-40180
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed grap...
Silverstripe Graphql
7.5
CVSSv3
CVE-2023-28104
`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affe...
Silverstripe Graphql 4.1.1
Silverstripe Graphql 4.2.2
7.5
CVSSv3
CVE-2022-42949
Silverstripe silverstripe/subsites up to and including 2.6.0 has Insecure Permissions.
Silverstripe Subsites
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »