2 matches found
CVE-2010-5094
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt modrewrite-less URL routing."...
CVE-2010-5094
The CVE-2010-5094 issue affects SilverStripe 2.3.x prior to 2.3.7. The deleteinstallfiles function in control/ContentController.php does not require ADMIN permissions, enabling remote attackers to delete index.php and disrupt URL routing when mod_rewrite is not available. Concrete details from mu...