7 matches found
SQL Injection
silverstripe/subsites is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation and sanitization in the silverstripe/subsites module, which allows attacker can inject malicious SQL queries...
silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)
There is a low level potential SQL injection vulnerability in the silverstripe/subsites module has been identified and fixed in version 2.1.1...
GHSA-XC69-P8FC-M6M5 silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)
There is a low level potential SQL injection vulnerability in the silverstripe/subsites module has been identified and fixed in version 2.1.1...
PT-2024-40525 · Silverstripe · Silverstripe/Subsites
Name of the Vulnerable Software and Affected Versions: silverstripe/subsites versions prior to 2.1.1 Description: A potential SQL injection issue has been identified in the silverstripe/subsites module. The issue has been fixed in version 2.1.1. Recommendations: For versions prior to 2.1.1, updat...
Privilege Escalation
silverstripe/subsites is vulnerable to privilege escalation. The vulnerability exists in FileSubsites.php due to the lack of validation in file edit privileges, which allows an attacker to modify sensitive files inside the system...
CVE-2022-42949
Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions...
PT-2022-26676 · Silverstripe · Silverstripe/Subsites
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/subsites versions through 2.6.0 Description: The subsites module can weaken edit restrictions on some files, allowing a malicious user to edit files they do not have edit rights to. This issue only affects projects...