CVE-2010-4824
EUVD-2010-478917.09.2012, 17:55
SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| silverstripe | silverstripe | 2.3.0 |
| silverstripe | silverstripe | 2.3.1 |
| silverstripe | silverstripe | 2.3.2 |
| silverstripe | silverstripe | 2.3.3 |
| silverstripe | silverstripe | 2.3.4 |
| silverstripe | silverstripe | 2.3.5 |
| silverstripe | silverstripe | 2.3.6 |
| silverstripe | silverstripe | 2.3.7 |
| silverstripe | silverstripe | 2.3.8 |
| silverstripe | silverstripe | 2.3.9 |
| silverstripe | silverstripe | 2.4.0 |
| silverstripe | silverstripe | 2.4.1 |
| silverstripe | silverstripe | 2.4.2 |
| silverstripe | silverstripe | 2.4.3 |
𝑥
= Vulnerable software versions
References