Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2010-4824
Last Modified: 15 Oct 2012 12:00:00
Published: 17 Sep 2012 01:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2010-4824

Summary

SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter.

Vulnerable Systems

Application

  • Silverstripe 2.3.0

  • Silverstripe 2.3.1

  • Silverstripe 2.3.2

  • Silverstripe 2.3.3

  • Silverstripe 2.3.4

  • Silverstripe 2.3.5

  • Silverstripe 2.3.6

  • Silverstripe 2.3.7

  • Silverstripe 2.3.8

  • Silverstripe 2.3.9

  • Silverstripe 2.4.0

  • Silverstripe 2.4.1

  • Silverstripe 2.4.2

  • Silverstripe 2.4.3


References

XF - silverstripe-locale-sql-injection(63989)

BID - 45367

OSVDB - 69884

MLIST - [oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4

MLIST - [oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4

MLIST - [oss-security] 20120430 CVE-request: SilverStripe before 2.4.4

MLIST - [oss-security] 20110104 CVE request: silverstripe before 2.4.4

SECUNIA - 42346

CONFIRM - http://open.silverstripe.org/changeset/114517

CONFIRM - http://open.silverstripe.org/changeset/114515

CONFIRM - http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4

CONFIRM - http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10


Last Updated: 27 May 2016 11:00:43