📦

silverstripe

Vendor: silverstripe

Actively Exploited 0 CISA KEV List

PoC / Exploits 2 Code Available

Total RCEs 4 Remote Access

Total CVEs 369 Total Indexed

Avg. EPSS 0.65% Exploit Prob.

Latest CVE CVE-2022-37421 Nov 23

Security Vulnerability Index

Page 6 / 37

5.0 CVSS

CVE-2010-5094

The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing."

EPSS: 0.79%

Severity: MEDIUM

Aug 26, 2012

5.0 CVSS

CVE-2010-5093

Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.

EPSS: 0.52%

Severity: MEDIUM

Aug 26, 2012

1.9 CVSS

CVE-2010-5092

The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.

EPSS: 0.06%

Severity: LOW

Aug 26, 2012

6.0 CVSS

CVE-2010-5091

RCE

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.

EPSS: 0.87%

Severity: MEDIUM

Aug 26, 2012

4.0 CVSS

CVE-2010-5090

SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security.

EPSS: 0.22%

Severity: MEDIUM

Aug 26, 2012

4.3 CVSS

CVE-2010-5089

SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.

EPSS: 0.44%

Severity: MEDIUM

Aug 26, 2012

6.8 CVSS

CVE-2010-5088

Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087.

EPSS: 0.53%

Severity: MEDIUM

Aug 26, 2012

5.0 CVSS

CVE-2010-5087

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller.

EPSS: 0.78%

Severity: MEDIUM

Aug 26, 2012

6.8 CVSS

CVE-2010-5080

The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage."

EPSS: 0.66%

Severity: MEDIUM

Aug 26, 2012

2.1 CVSS

CVE-2012-0976

Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information.

EPSS: 0.38%

Severity: LOW

Feb 02, 2012

Displaying 10 of 369 Total Entries

4 5 6 7 8 ... 37

Total 37 Sections