CVE-2010-5092

Published: Aug 26, 2012Modified: Apr 29, 2026

1.9

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 3.4 / Impact: 2.9

Source: NVD

Description

The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.

Affected (1)

Products: Silverstripe: Silverstripe

Silverstripe

1 product

Silverstripe

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Silverstripe Silverstripe	Version 2.4.0

Related CWEs

CWE-255

References (12)

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1

Source: secalert@redhat.com

http://open.silverstripe.org/changeset/107532

Source: secalert@redhat.com

Patch

http://open.silverstripe.org/ticket/5772

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/04/30/1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/04/30/3

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/01/3

Source: secalert@redhat.com

http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1