SilverStripe < 2.3.6 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 5345

Synopsis

The remote web server is hosting an application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting SilverStripe CMS. The installed version of SilverStripe is earlier than 2.3.6. Such versions are potentially affected by multiple vulnerabilities :

- A cross-site scripting vulnerability in the 'DataObjectSet' pagination.

A cross-site scripting vulnerablity in the 'user' parameter of the 'jsparty/jquery/plugins/validate/demo/form.php' script.

- An information disclosure vulnerability through 'profile_trace' and 'debug_profile' GET parameters. (98229, 98230)

- The 'sapphire/core/control/Director.php' script displays the output of the 'memory_get_peak_usage()' function in an insecure manner.

Solution

Upgrade to SilverStripe 2.3.6 or later.

See Also

http://open.silverstripe.org/wiki/ChangeLog/2.3.6

http://www.nessus.org/u?5585847c

Plugin Details

Severity: Medium

ID: 5345

Family: CGI

Published: 2/25/2010

Updated: 3/6/2019

Nessus ID: 44941

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:silverstripe:silverstripe

Patch Publication Date: 2/8/2010

Vulnerability Publication Date: 2/24/2010

Reference Information

CVE: CVE-2010-5095, CVE-2010-5188

BID: 38394