Description
SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter.
Remediation
References