core/model/MySQLDatabase.php in SilverStripe 2.4.x prior to 2.4.4, when the site is running in "live mode," allows remote malicious users to obtain the SQL queries for a page via the showqueries and ajax parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
silverstripe silverstripe 2.4.3 |
||
silverstripe silverstripe 2.4.2 |
||
silverstripe silverstripe 2.4.0 |
||
silverstripe silverstripe 2.4.1 |