Older Security issues » Silverstripe CMS

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Severity:: Low (?)
Release Date:: 2013-01-01

5 December 2012

SilverStripe v2.4.9 - [Severity: Moderate] More secure "remember me" and "forgot password" token hashing (details)

31 October 2012

SilverStripe v2.4.8 - [Severity: Moderate] Redirection to remote URLs, content type checks, install.php remote code execution (details)

31 January 2012

SilverStripe v2.4.7 - XSS in text transformations on templates and page title saving in CMS (details)
SilverStripe v2.3.13 - See 2.4.7 (details)

18 October 2011

SilverStripe v2.4.6 - XSS in anchor links, possible SQL injection with far eastern encodings, possible remote code execution through page comments (details)
SilverStripe v2.3.12 - See 2.4.6 (details)

21 December 2010

SilverStripe v2.4.4 - SQL information disclosure, SQL injection in Translatable extension, Cross Site Request Forgery in various CMS interfaces, XSS in controller action handling (details)
SilverStripe v2.3.10 - SQL injection in Translatable extension, Cross Site Request Forgery in various CMS interfaces, XSS in controller action handling (details)

11 November 2010

SilverStripe v2.4.3 - Cross Site Request Forgery in various CMS interfaces and page comments, increased file extension upload security through whitelisting (details)
SilverStripe v2.3.9 - Cross Site Request Forgery in various CMS interfaces and page comments (details)

22 September 2010

SilverStripe v2.4.2 - Viewing unpublished content, privilege escalation of CMS editors with access to admin/security (details)

23 July 2010

SilverStripe v2.4.1 - File extension checks, installer security, information disclosure through PHP file execution, passwords not encrypted in certain UI actions (details)
SilverStripe v2.3.8 - File extension checks, information disclosure through PHP file execution (details)

18 March 2010

SilverStripe v2.3.7 - Privilege escalation exploit, unauthenticated remote removal of index.php under certain conditions

8 February 2010

SilverStripe v2.3.6 - Escaping exploit

21 January 2010

SilverStripe v2.3.5 - Escaping exploit
Forum 0.2.5 - Addresses an escaping issue

8 July 2009

Blog Module v0.2.1

20 March 2009

SilverStripe v2.3.1
SilverStripe v2.2.4 - designed for maximum compatibility with v2.2.0 - v2.2.3