Description

SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter.

Remediation

References

CVE-2010-4824

Related Vulnerabilities

Joomla! Core 1.0 Remote File Inclusion (1.0.0)

Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-26265)

Drupal Core 6.x Denial of Service (6.0 - 6.32)

WordPress Plugin Easy Appointments Cross-Site Scripting (1.11.7)

Jenkins DEPRECATED: Code Vulnerability (CVE-2016-3721)

Severity

Medium

Classification

CVE-2010-4824 CWE-138

Tags

Missing Update Known Vulnerabilities