What is the severity of CVE-2010-5093?

CVE-2010-5093 is considered a high severity vulnerability due to the potential for account hijacking by remote attackers.

How do I fix CVE-2010-5093?

To fix CVE-2010-5093, upgrade SilverStripe to version 2.3.7 or later, where the vulnerability has been patched.

Who is affected by CVE-2010-5093?

Users of SilverStripe 2.3.x versions before 2.3.7 are affected by CVE-2010-5093.

When was CVE-2010-5093 discovered?

CVE-2010-5093 was identified as a vulnerability in the SilverStripe framework and reported in 2010.

Vulnerability/
CVE-2010-5093

medium

CWE

264

26/8/2012

27/8/2012

CVE-2010-5093

First published: Sun Aug 26 2012(Updated: )

Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
SilverStripe CMS	=2.3.0
SilverStripe CMS	=2.3.0-rc1
SilverStripe CMS	=2.3.0-rc2
SilverStripe CMS	=2.3.0-rc3
SilverStripe CMS	=2.3.1
SilverStripe CMS	=2.3.1-rc1
SilverStripe CMS	=2.3.1-rc2
SilverStripe CMS	=2.3.2
SilverStripe CMS	=2.3.3
SilverStripe CMS	=2.3.4
SilverStripe CMS	=2.3.5
SilverStripe CMS	=2.3.6

Remedy

http://open.silverstripe.org/changeset/100744

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-5093?
CVE-2010-5093 is considered a high severity vulnerability due to the potential for account hijacking by remote attackers.
How do I fix CVE-2010-5093?
To fix CVE-2010-5093, upgrade SilverStripe to version 2.3.7 or later, where the vulnerability has been patched.
Who is affected by CVE-2010-5093?
Users of SilverStripe 2.3.x versions before 2.3.7 are affected by CVE-2010-5093.
What does CVE-2010-5093 allow attackers to do?
CVE-2010-5093 allows attackers to hijack user accounts by saving data using another user's email address.
When was CVE-2010-5093 discovered?
CVE-2010-5093 was identified as a vulnerability in the SilverStripe framework and reported in 2010.

agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/first-publish-date
agent/remedy
agent/softwarecombine
agent/last-modified-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
agent/event
agent/description
vendor/silverstripe
canonical/silverstripe cms
version/silverstripe cms/2.3.0
version/silverstripe cms/2.3.0-rc1
version/silverstripe cms/2.3.0-rc2
version/silverstripe cms/2.3.0-rc3
version/silverstripe cms/2.3.1
version/silverstripe cms/2.3.1-rc1
version/silverstripe cms/2.3.1-rc2
version/silverstripe cms/2.3.2
version/silverstripe cms/2.3.3
version/silverstripe cms/2.3.4
version/silverstripe cms/2.3.5
version/silverstripe cms/2.3.6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.