VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Sep 17, 2012· Updated Apr 29, 2026

CVE-2011-4961

CVE-2011-4961

Description

SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups.

Affected products

18
  • Silverstripe/Silverstripe18 versions
    cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*+ 17 more
    • cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*

Patches

1
de1f070
https://github.com/silverstripe/sapphirevia nvd-ref
commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.