Silverstripe

64 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
  • EPSS 0.53%
  • Published 26.08.2012 18:55:01
  • Last modified 11.04.2025 00:51:21

Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability t...

  • EPSS 0.44%
  • Published 26.08.2012 18:55:01
  • Last modified 11.04.2025 00:51:21

SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.

  • EPSS 0.22%
  • Published 26.08.2012 18:55:01
  • Last modified 11.04.2025 00:51:21

SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security.

Exploit
  • EPSS 0.87%
  • Published 26.08.2012 18:55:01
  • Last modified 11.04.2025 00:51:21

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.

  • EPSS 0.06%
  • Published 26.08.2012 18:55:01
  • Last modified 11.04.2025 00:51:21

The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.

Exploit
  • EPSS 0.52%
  • Published 26.08.2012 18:55:01
  • Last modified 11.04.2025 00:51:21

Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.

  • EPSS 0.79%
  • Published 26.08.2012 18:55:01
  • Last modified 11.04.2025 00:51:21

The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing."

  • EPSS 0.65%
  • Published 26.08.2012 18:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination.

  • EPSS 0.36%
  • Published 26.08.2012 18:55:01
  • Last modified 11.04.2025 00:51:21

SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders...

Exploit
  • EPSS 0.38%
  • Published 02.02.2012 17:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtain...