CVE-2010-5094

Severity

50%

Complexity

99%

Confidentiality

48%

The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing."

The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing."

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

SilverStripe

First reported 12 years ago

2012-08-26 18:55:00

Last updated 12 years ago

2012-08-27 04:00:00

Affected Software

SilverStripe SilverStripe 2.3.0

2.3.0

SilverStripe SilverStripe 2.3.0 release candidate 1

2.3.0

SilverStripe SilverStripe 2.3.1 release candidate 2

2.3.0

SilverStripe SilverStripe 2.3.1 release candidate 3

2.3.0

SilverStripe SilverStripe 2.3.1

2.3.1

SilverStripe SilverStripe 2.3.1 release candidate 1

2.3.1

SilverStripe SilverStripe 2.3.1 release candidate 2

2.3.1

SilverStripe 2.3.2

2.3.2

SilverStripe 2.3.3

2.3.3

SilverStripe 2.3.4

2.3.4

SilverStripe 2.3.5

2.3.5

SilverStripe 2.3.6

2.3.6

References

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7

http://open.silverstripe.org/changeset/101227

[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4

[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4

[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4

http://www.silverstripe.org/security-releases

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.