Vulnerabilities > Silverstripe
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-26 | CVE-2019-16409 | Information Exposure vulnerability in multiple products In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. | 5.0 |
| 2019-09-26 | CVE-2019-14273 | Files or Directories Accessible to External Parties vulnerability in Silverstripe In SilverStripe assets 4.0, there is broken access control on files. | 5.0 |
| 2019-09-26 | CVE-2019-14272 | Cross-site Scripting vulnerability in Silverstripe In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. | 3.5 |
| 2019-09-26 | CVE-2019-12617 | Unspecified vulnerability in Silverstripe In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. | 4.0 |
| 2019-09-25 | CVE-2019-12245 | Incorrect Permission Assignment for Critical Resource vulnerability in Silverstripe SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). | 5.0 |
| 2019-09-25 | CVE-2019-12205 | Cross-site Scripting vulnerability in Silverstripe SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. | 4.3 |
| 2019-09-25 | CVE-2019-12204 | Unspecified vulnerability in Silverstripe In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. | 7.5 |
| 2019-09-25 | CVE-2019-12203 | Session Fixation vulnerability in Silverstripe SilverStripe through 4.3.3 allows session fixation in the "change password" form. | 3.7 |
| 2019-06-11 | CVE-2019-12149 | SQL Injection vulnerability in Silverstripe Registry and Restfulserver SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands. | 7.5 |
| 2019-04-11 | CVE-2019-5715 | SQL Injection vulnerability in Silverstripe All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject. | 7.5 |