Filtered by vendor Silverstripe
Total: 85 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2010-5089 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 4.3 MEDIUM | N/A | SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information. |
CVE-2010-5091 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 6.0 MEDIUM | N/A | The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file. |
CVE-2010-5080 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 6.8 MEDIUM | N/A | The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage." |
CVE-2010-5092 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 1.9 LOW | N/A | The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database. |
CVE-2009-1433 | 1 Silverstripe | 1 Silverstripe | 2009-04-27 | 7.5 HIGH | N/A | SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter. |