Information Disclosure Vulnerability in SilverStripe 2.3.x and 2.4.x

Information Disclosure Vulnerability in SilverStripe 2.3.x and 2.4.x

CVE-2010-5187 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message.

Learn more about our Cis Benchmark Audit For Server Software.