Description

SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Remediation

References

CVE-2011-4960

Related Vulnerabilities

WordPress Plugin Backlink Rechecker Multiple Cross-Site Scripting Vulnerabilities (1.2.1)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-9787)

Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-1238)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1591)

Oracle JRE CVE-2019-2973 Vulnerability (CVE-2019-2973)

Severity

High

Classification

CVE-2011-4960 CWE-138

Tags

Missing Update Known Vulnerabilities