Unrated severityNVD Advisory· Published Sep 17, 2012· Updated Jun 16, 2026
CVE-2011-4959
CVE-2011-4959
Description
SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
19cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*
- (no CPE)range: 2.3.0 - 2.3.11, 2.4.0 - 2.4.5
Patches
Vulnerability mechanics
References
7- github.com/silverstripe/sapphire/commit/73cca09nvdExploitPatch
- github.com/silverstripe/sapphire/commit/ca78784nvdExploitPatch
- github.com/silverstripe/silverstripe-cms/commit/b5ea2f6nvdExploitPatch
- doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12nvdVendor Advisory
- doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6nvdVendor Advisory
- www.openwall.com/lists/oss-security/2012/04/30/1nvd
- www.openwall.com/lists/oss-security/2012/04/30/3nvd
News mentions
0No linked articles in our index yet.