CVE-2011-4961
CVE-2011-4961 affects SilverStripe 2.3.x (before 2.3.12) and 2.4.x (before 2.4.6). A remote, authenticated user with EDIT_PERMISSIONS can escalate privileges to administrator by manipulating a TreeMultiselectField when adding the user to selected groups. The root cause is described as t...