SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to form action requests using a controller.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Silverstripe | Silverstripe | 2.3.4 | 2.3.4 |
Silverstripe | Silverstripe | 2.3.0 | 2.3.0 |
Silverstripe | Silverstripe | 2.3.7 | 2.3.7 |
Silverstripe | Silverstripe | 2.3.10 | 2.3.10 |
Silverstripe | Silverstripe | 2.3.1 | 2.3.1 |
Silverstripe | Silverstripe | 2.3.0 | 2.3.0 |
Silverstripe | Silverstripe | 2.3.3 | 2.3.3 |
Silverstripe | Silverstripe | 2.3.8 | 2.3.8 |
Silverstripe | Silverstripe | 2.3.1 | 2.3.1 |
Silverstripe | Silverstripe | 2.3.1 | 2.3.1 |
Silverstripe | Silverstripe | 2.3.5 | 2.3.5 |
Silverstripe | Silverstripe | 2.3.9 | 2.3.9 |
Silverstripe | Silverstripe | 2.3.6 | 2.3.6 |
Silverstripe | Silverstripe | 2.3.0 | 2.3.0 |
Silverstripe | Silverstripe | 2.3.2 | 2.3.2 |
Silverstripe | Silverstripe | 2.3.0 | 2.3.0 |