Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.17 views

CVE-2019-12245

SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile. An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension...

5.3CVSS6.7AI score0.01369EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0310

Malware in sbrugna...

6.1CVSS6.1AI score0.00685EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-5044

Malware in sbrugna...

6.8CVSS6.4AI score0.01223EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-4868

Malware in sbrugna...

6CVSS6.4AI score0.016EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-5051

Malware in sbrugna...

5CVSS6.2AI score0.02955EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-5054

Malware in sbrugna...

4CVSS6.4AI score0.01086EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2013-2592

Malware in sbrugna...

5.8CVSS6.1AI score0.04071EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-10683

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00265EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3848

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00742EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-5644

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.01564EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 1:46 a.m.8 views

CVE-2010-5094

The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt modrewrite-less URL routing."...

5CVSS7.1AI score0.01735EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:57 p.m.7 views

CVE-2009-1433

SQL injection vulnerability in File::find filesystem/File.php in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter...

7.5CVSS8.8AI score0.01096EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2025/04/14 12:0 a.m.254 views

SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting XSS Authenticated Date: 2025-01-15 Exploit Author: James Nicoll Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download/ Category: Web Application Version: 5.2.22 Tested on: SilverStripe...

5.4CVSS7AI score0.01108EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2025/04/10 1:38 p.m.12 views

Silverstripe cross-site scripting (XSS) attack in elemental "Content blocks in use" report

An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability is specific to that report and is a result of failure to cast input prior to including it in the grid field. References -...

5.4CVSS6AI score0.00265EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/14 2:45 a.m.5 views

GHSA-WG4M-VVP6-2HC5 SilverStripe vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via 1 the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject...

5.3CVSS5.7AI score0.026EPSS
Exploits1References10
Cvelist
Cvelist
added 2019/09/25 6:25 p.m.35 views

CVE-2019-12204

In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access...

9.5AI score0.0146EPSS
Exploits0References3
Friends Of PHP
Friends Of PHP
added 2018/05/24 1:11 p.m.14 views

SS-2018-006: Code execution vulnerability

More info at https://www.silverstripe.org/download/security-releases/ss-2018-006/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/08/15 6:5 p.m.13 views

SS-2016-007: VersionedRequestFilter vulnerability

More info at https://www.silverstripe.org/download/security-releases/ss-2016-007/...

7.2AI score
Exploits0Affected Software1
Rows per page
Query Builder