QwikSec

Security Database

CVE

CWE

Training

CVE-2010-5187

Published: Aug 26, 2012

Modified: Sep 16, 2024

PUBLISHED

Description

SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4

mailing-list

x_refsource_MLIST

[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4

mailing-list

x_refsource_MLIST

[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4

mailing-list

x_refsource_MLIST

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1

x_refsource_CONFIRM

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.