CVE-2010-5187

Name of the Vulnerable Software and Affected Versions SilverStripe versions 2.3.x through 2.3.7 SilverStripe versions 2.4.x through 2.4.0

Description The issue allows remote attackers to obtain sensitive information via a direct request to PHP files in the sapphire, cms, or mysite folders, which reveals the installation path in an error message. This occurs when running on servers with certain configurations.

Recommendations For SilverStripe versions 2.3.x through 2.3.7, update to version 2.3.8 to resolve the issue. For SilverStripe versions 2.4.x through 2.4.0, update to version 2.4.1 to resolve the issue.