5 matches found
GHSA-256Q-HX8W-XCQX Silverstripe Framework user enumeration via timing attack on login and password reset forms
Impact: User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials. This was originally disclosed in https://www.silverstripe.org/download/security-releases/ss-2017-005/ for CMS 3 but was not patched in CMS 4+. References -...
Silverstripe has Cross-site Scripting (XSS) vulnerabilities inherited from TinyMCE
TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting silverstripe/admin. Only Silverstripe CMS 4 is affected by this issue. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release of TinyMCE...
CMS 4.x.x Zorder (SQL Injection Vul)
No description provided by source. + Exploit Title : CMS 4.x.x Zorder SQL Injection Vul + Author : Kr4L BeNiM + Contact : www.facebook.com/kr4l.hacker + Date : November 13, 2011 + Software Link: http://mambo-developer.org + Category: Web Apps Vulnerability: SQL injection Vulnerability Exploit : -...
Slaed CMS 4 RFI / Shell Upload
Title : Script Slaed Cms 4 Mullti Vulnerability | Author : indoushka | email : [email protected] | Home : www.sec-war.com | Web Site : | Dork : Powered by SLAED CMS © 2005-2008 SLAED. All rights reserve...
SLAED CMS 4 - Installation Script Unauthorized Access
Source: https://www.securityfocus.com/bid/38453/info. SLAED CMS is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to obtain unauthorized access to installation scripts. SLAED CMS 4 is vulnerable; other versions...