Description

SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Remediation

References

CVE-2011-4960

Related Vulnerabilities

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2047)

WordPress Plugin Ultimate Responsive Image Slider Unspecified Vulnerability (3.3.2)

Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-5608)

MySQL CVE-2022-21362 Vulnerability (CVE-2022-21362)

Twisted Web HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-46137)

Severity

High

Classification

CVE-2011-4960 CWE-138

Tags

Missing Update Known Vulnerabilities