CVE Vulnerabilities

CVE-2010-5093

Published: Aug 26, 2012 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.

Affected Software

Name Vendor Start Version End Version
Silverstripe Silverstripe 2.3.0 (including) 2.3.0 (including)
Silverstripe Silverstripe 2.3.0-rc1 (including) 2.3.0-rc1 (including)
Silverstripe Silverstripe 2.3.0-rc2 (including) 2.3.0-rc2 (including)
Silverstripe Silverstripe 2.3.0-rc3 (including) 2.3.0-rc3 (including)
Silverstripe Silverstripe 2.3.1 (including) 2.3.1 (including)
Silverstripe Silverstripe 2.3.1-rc1 (including) 2.3.1-rc1 (including)
Silverstripe Silverstripe 2.3.1-rc2 (including) 2.3.1-rc2 (including)
Silverstripe Silverstripe 2.3.2 (including) 2.3.2 (including)
Silverstripe Silverstripe 2.3.3 (including) 2.3.3 (including)
Silverstripe Silverstripe 2.3.4 (including) 2.3.4 (including)
Silverstripe Silverstripe 2.3.5 (including) 2.3.5 (including)
Silverstripe Silverstripe 2.3.6 (including) 2.3.6 (including)

References