Filtered by vendor Silverstripe
Subscribe
Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5089 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 4.3 MEDIUM | N/A |
| SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2010-5187 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 4.3 MEDIUM | N/A |
| SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message. | |||||
| CVE-2010-5092 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 1.9 LOW | N/A |
| The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database. | |||||
| CVE-2010-5080 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 6.8 MEDIUM | N/A |
| The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage." | |||||
| CVE-2009-1433 | 1 Silverstripe | 1 Silverstripe | 2009-04-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter. | |||||