Total
64 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2010-5094 | 1 Silverstripe | 1 Silverstripe | 2012-08-26 | 5.0 MEDIUM | N/A | The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing." |
CVE-2010-5080 | 1 Silverstripe | 1 Silverstripe | 2012-08-26 | 6.8 MEDIUM | N/A | The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage." |
CVE-2010-5089 | 1 Silverstripe | 1 Silverstripe | 2012-08-26 | 4.3 MEDIUM | N/A | SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information. |
CVE-2009-1433 | 1 Silverstripe | 1 Silverstripe | 2009-04-26 | 7.5 HIGH | N/A | SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter. |