6 matches found
Silverstripe CMS Arbitrary Code Execution
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized...
Sql injection
SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-4822
CVE-2010-4822 affects SilverStripe 2.4.x up to 2.4.3 (before 2.4.4). When the site runs in “live mode,” remote attackers can obtain the underlying SQL queries for a page through the showqueries and ajax parameters in core/model/MySQLDatabase.php. The issue is documented consistently across multip...
CVE-2010-5087
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery CSRF protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller...
Code injection
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file...
Session fixation
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HT...