SQL Injection Vulnerability in Translatable.php in SilverStripe 2.3.x and 2.4.x

SQL Injection Vulnerability in Translatable.php in SilverStripe 2.3.x and 2.4.x

CVE-2010-4824 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter.

Learn more about our Web Application Penetration Testing UK.