Silverstripe » Silverstripe : Security Vulnerabilities, CVEs, Published In 2012 (Information Leak)
SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sensitive information via the (1) debug_memory parameter to core/control/Director.php or (2) debug_profile parameter to main.php.
Max CVSS
5.0
EPSS Score
1.05%
Published
2012-08-26
Updated
2017-08-29
SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message.
Max CVSS
4.3
EPSS Score
0.27%
Published
2012-08-26
Updated
2012-08-27
core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.
Max CVSS
4.3
EPSS Score
1.26%
Published
2012-09-17
Updated
2012-09-18
3 vulnerabilities found