Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2010-4822
Last Modified 18 Sep 2012 12:00:00
Published 17 Sep 2012 01:55:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-4822

Summary

core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.

Vulnerable Systems

Application

  • SilverStripe 2.4.0

  • SilverStripe 2.4.1

  • SilverStripe 2.4.2

  • SilverStripe 2.4.3


References

OSVDB - 69885

MLIST - [oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4

MLIST - [oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4

MLIST - [oss-security] 20120430 CVE-request: SilverStripe before 2.4.4

MLIST - [oss-security] 20110104 CVE request: silverstripe before 2.4.4

SECUNIA - 42346

CONFIRM - http://open.silverstripe.org/changeset/114783

CONFIRM - http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4


Last Updated: 27 May 2016 11:00:43