Description

SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Remediation

References

CVE-2011-4959

Related Vulnerabilities

Oracle Database Server CVE-2012-0534 Vulnerability (CVE-2012-0534)

Oracle Application Server CVE-2008-4017 Vulnerability (CVE-2008-4017)

WordPress Plugin NextGEN Gallery-WordPress Gallery 'Gallery Path' Field Cross-Site Scripting (1.9.5)

Python Improper Privilege Management Vulnerability (CVE-2020-29396)

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6417)

Severity

Medium

Classification

CVE-2011-4959 CWE-138

Tags

Missing Update Known Vulnerabilities