CVE-2010-5088

Published: Aug 26, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087.

Affected (17)

Products: Silverstripe: Silverstripe

1 product

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Silverstripe Silverstripe	Version 2.3.0
Silverstripe Silverstripe	Version 2.3.0 rc1
Silverstripe Silverstripe	Version 2.3.0 rc2
Silverstripe Silverstripe	Version 2.3.0 rc3
Silverstripe Silverstripe	Version 2.3.1
Silverstripe Silverstripe	Version 2.3.1 rc1
Silverstripe Silverstripe	Version 2.3.1 rc2
Silverstripe Silverstripe	Version 2.3.2
Silverstripe Silverstripe	Version 2.3.3
Silverstripe Silverstripe	Version 2.3.4
Silverstripe Silverstripe	Version 2.3.5
Silverstripe Silverstripe	Version 2.3.6
Silverstripe Silverstripe	Version 2.3.7
Silverstripe Silverstripe	Version 2.3.8
Silverstripe Silverstripe	Version 2.4.0
Silverstripe Silverstripe	Version 2.4.1
Silverstripe Silverstripe	Version 2.4.2

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (26)

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.9

Source: secalert@redhat.com

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.3

Source: secalert@redhat.com

http://holisticinfosec.org/content/view/157/45/

Source: secalert@redhat.com

http://open.silverstripe.org/changeset/113275

Source: secalert@redhat.com

Patch

http://open.silverstripe.org/changeset/113282

Source: secalert@redhat.com

Patch

http://secunia.com/advisories/41717

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2011/01/03/12

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/04/30/1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/04/30/3

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/01/3

Source: secalert@redhat.com

http://www.osvdb.org/69113

Source: secalert@redhat.com

http://www.securityfocus.com/bid/44768

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/63156

Source: secalert@redhat.com

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.9

Source: af854a3a-2127-422b-91ae-364da2661108

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.3

Source: af854a3a-2127-422b-91ae-364da2661108

http://holisticinfosec.org/content/view/157/45/

Source: af854a3a-2127-422b-91ae-364da2661108

http://open.silverstripe.org/changeset/113275

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://open.silverstripe.org/changeset/113282

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://secunia.com/advisories/41717

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2011/01/03/12

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/04/30/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/04/30/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/05/01/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/69113

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/44768

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/63156

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.