GCVE - cpe:2.3:a:silverstripe:silverstripe:2.4.4:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:silverstripe:silverstripe:2.4.4:*:*:*:*:*:*:*

part: a version: 2.4.4 update: *

Vendor	Silverstripe (`fb3ee4e6-70c4-5017-82a7-81441bb33bd1`)
Product	Silverstripe (`a3b26fc2-6e91-5c07-b521-62f2382ac950`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/silverstripe/silverstripe-cms`	purl2cpe	2026-06-01 10:14:20.994067

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-4962`	vulnerable	2026-06-03 14:31:27.234456	Details available code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized. Published: 2012-09-17T17:00:00.000Z Updated: 2024-09-17T03:23:38.376Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2012/04/30/1 https://github.com/silverstripe/silverstripe-cms/commit/d15e850 http://www.openwall.com/lists/oss-security/2012/04/30/3 http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4961`	vulnerable	2026-06-03 14:31:27.234030	Details available SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups. Published: 2012-09-17T17:00:00.000Z Updated: 2024-09-16T17:19:06.700Z Open on db.gcve.eu Reference links https://github.com/silverstripe/sapphire/commit/de1f070 http://www.openwall.com/lists/oss-security/2012/04/30/1 http://www.openwall.com/lists/oss-security/2012/04/30/3 http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12 http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4959`	vulnerable	2026-06-03 14:31:27.232646	Details available SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: 2012-09-17T17:00:00.000Z Updated: 2024-09-17T02:10:53.830Z Open on db.gcve.eu Reference links https://github.com/silverstripe/sapphire/commit/73cca09 https://github.com/silverstripe/silverstripe-cms/commit/b5ea2f6 https://github.com/silverstripe/sapphire/commit/ca78784 http://www.openwall.com/lists/oss-security/2012/04/30/1 http://www.openwall.com/lists/oss-security/2012/04/30/3	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4958`	vulnerable	2026-06-03 14:31:27.231307	Details available Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/. Published: 2014-04-08T14:00:00.000Z Updated: 2024-08-07T00:23:39.120Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/520050/100/0/threaded http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6 http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12 http://osvdb.org/76258 https://github.com/silverstripe/sapphire/commit/bdd6391	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.