PT-2012-1330 · Silverstripe · Silverstripe

Henri Salo · Published 2012-08-26 · Updated 2012-08-27 · CVE-2010-5087

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SilverStripe versions 2.3.x through 2.3.9
SilverStripe versions 2.4.x through 2.4.3

Description

The issue allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators. This is achieved via vectors related to "form action requests" using a controller.

Recommendations

For SilverStripe versions 2.3.x through 2.3.9, update to version 2.3.10 to resolve the issue.
For SilverStripe versions 2.4.x through 2.4.3, update to version 2.4.4 to resolve the issue.

Weakness Enumeration

Related Identifiers

CVE-2010-5087

Affected Products

Silverstripe