7 matches found

OSV
added 2024/05/28 12:53 p.m., 13 views

GHSA-M2HH-2M46-X6J5 silverstripe/framework may disclose database credentials during connection failure

When running SilverStripe 3.7 or 4.x in dev mode with the mysqli database driver, there is a potential to disclose the connection details. We have blacklisted the sensitive parts of the connection information from being included in dev mode stack traces when database errors occur...

CVSS 6.5, AI score 6.5
Exploits: 0, References: 6
Github Security Blog
added 2024/05/28 12:53 p.m., 10 views

silverstripe/framework may disclose database credentials during connection failure

When running SilverStripe 3.7 or 4.x in dev mode with the mysqli database driver, there is a potential to disclose the connection details. We have blacklisted the sensitive parts of the connection information from being included in dev mode stack traces when database errors occur...

AI score 6.5
Exploits: 0, References: 6, Affected Software: 1
Github Security Blog
added 2024/05/27 11:35 p.m., 19 views

silverstripe/framework allows upload of dangerous file types

Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...

AI score 7.2
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2024/05/27 12:0 a.m., 2 views

PT-2024-40472 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe 4 (affected versions not specified). Description: The issue concerns potentially dangerous file types in the File.allowed_extensions configuration, which could allow a malicious CMS user to upload files that get executed in the...

CVSS 8.8, AI score 7
Exploits: 0, References: 5
OSV
added 2022/06/29 10:39 p.m., 33 views

GHSA-9FMG-89FX-R33W Quadratic blowup in Convert::xml2array()

Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array that enables a remote attack via a crafted XML document...

CVSS 6.5, AI score 6.3, EPSS 0.00985
Exploits: 0, References: 5
NVD
added 2019/04/11 7:29 p.m., 49 views

CVE-2019-5715

All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and DataObject...

CVSS 9.8, AI score 9.8, EPSS 0.01564
Exploits: 0, References: 2
Friends Of PHP
added 2017/12/07 1:27 p.m., 11 views

SS-2017-008: SQL injection in full text search of SilverStripe 4

More info at https://www.silverstripe.org/download/security-releases/ss-2017-008/...

AI score 7.2
Exploits: 0, Affected Software: 1