Older releases

Severity:
Low (?)
Release Date:
 
2013-01-01

5 December 2012

31 October 2012

  • SilverStripe v2.4.8 - [Severity: Moderate] Redirection to remote URLs, content type checks, install.php remote code execution  (details)

31 January 2012

18 October 2011

21 December 2010

  • SilverStripe v2.4.4 - SQL information disclosure, SQL injection in Translatable extension, Cross Site Request Forgery in various CMS interfaces, XSS in controller action handling (details)
  • SilverStripe v2.3.10 - SQL injection in Translatable extension, Cross Site Request Forgery in various CMS interfaces, XSS in controller action handling (details)

11 November 2010

  • SilverStripe v2.4.3 - Cross Site Request Forgery in various CMS interfaces and page comments, increased file extension upload security through whitelisting (details)
  • SilverStripe v2.3.9 - Cross Site Request Forgery in various CMS interfaces and page comments (details)

22 September 2010

23 July 2010

  • SilverStripe v2.4.1 - File extension checks, installer security, information disclosure through PHP file execution, passwords not encrypted in certain UI actions (details)
  • SilverStripe v2.3.8 - File extension checks, information disclosure through PHP file execution (details)

18 March 2010

  • SilverStripe v2.3.7 - Privilege escalation exploit, unauthenticated remote removal of index.php under certain conditions

8 February 2010

21 January 2010

8 July 2009

20 March 2009

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.