Description

The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.

Remediation

References

CVE-2010-5092

Related Vulnerabilities

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17307)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-3630)

Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1)

Oracle JRE CVE-2017-10274 Vulnerability (CVE-2017-10274)

MySQL CVE-2016-0668 Vulnerability (CVE-2016-0668)

Severity

Low

Classification

CVE-2010-5092

Tags

Missing Update Known Vulnerabilities