4.3
CVE-2010-5187
- EPSS 0.36%
- Veröffentlicht 26.08.2012 18:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Silverstripe ≫ Silverstripe Version2.3.0
Silverstripe ≫ Silverstripe Version2.3.0 Updaterc1
Silverstripe ≫ Silverstripe Version2.3.0 Updaterc2
Silverstripe ≫ Silverstripe Version2.3.0 Updaterc3
Silverstripe ≫ Silverstripe Version2.3.1
Silverstripe ≫ Silverstripe Version2.3.1 Updaterc1
Silverstripe ≫ Silverstripe Version2.3.1 Updaterc2
Silverstripe ≫ Silverstripe Version2.3.2
Silverstripe ≫ Silverstripe Version2.3.3
Silverstripe ≫ Silverstripe Version2.3.4
Silverstripe ≫ Silverstripe Version2.3.5
Silverstripe ≫ Silverstripe Version2.3.6
Silverstripe ≫ Silverstripe Version2.3.7
Silverstripe ≫ Silverstripe Version2.4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.55 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.