SilverStripe Multiple Remote Vulnerabilities

SilverStripe is prone to multiple remote vulnerabilities, including:

1. A cross-site scripting vulnerability
2. An SQL-injection vulnerability
3. An information-disclosure vulnerability

Exploiting these issues could allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary script code, or steal cookie-based authentication credentials and gain access to sensitive information.

Versions prior to SilverStripe 2.4.4-rc1 and 2.3.10-rc1 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus