oss-sec mailing list archives

CVE request: silverstripe before 2.4.4

From: Hanno Böck <hanno () hboeck de>
Date: Tue, 4 Jan 2011 00:50:19 +0100

http://www.silverstripe.org/security-releases/

Silverstripe 2.4.4 notes:
SQL information disclosure, SQL injection in Translatable extension, Cross 
Site Request Forgery in various CMS interfaces, XSS in controller action 
handling

(if someone is motivated one could also assign CVEs to all the old version 
issues)

-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

http://schokokeks.org - professional webhosting

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

CVE request: silverstripe before 2.4.4 Hanno Böck (Jan 03)
- Re: CVE request: silverstripe before 2.4.4 Josh Bressers (Jan 04)