CVE-2010-4822

Name of the Vulnerable Software and Affected Versions SilverStripe versions 2.4.x through 2.4.3

Description The issue allows remote attackers to obtain SQL queries for a page when the site is running in live mode. This is achieved by exploiting the showqueries and ajax parameters in the core/model/MySQLDatabase.php file.

Recommendations For SilverStripe versions 2.4.x through 2.4.3, update to version 2.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the showqueries and ajax parameters in the core/model/MySQLDatabase.php file until a patch is available.