Silverstripe · Silverstripe · CVE-2013-6789
**Name of the Vulnerable Software and Affected Versions**
SilverStripe version 3.0.3
**Description**
The issue allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history. The cause is that the security/MemberLoginForm.php file supports credentials in a GET request, so the credentials become part of the request URL.
**Recommendations**
For SilverStripe version 3.0.3, consider modifying the security/MemberLoginForm.php file to only support credentials in a POST request, or implementing an alternative secure method to handle user credentials. As a temporary workaround, restrict access to web-server logs and browser history to minimize the risk of sensitive information disclosure.
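
To check whether existing logs already hold exposed credentials, the following added example (not part of the advisory and not SilverStripe code) scans Combined Log Format lines for password-like query parameters in the request target and the Referer field, and returns the URLs with those values masked. The parameter names, the `/Security/LoginForm` path and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: names of credential-bearing query parameters (compared lower-cased).
SENSITIVE_PARAMS = {"password", "passwd", "pwd"}

# Combined Log Format: "METHOD target PROTO" status bytes "referer" ...
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+'
    r'(?: "(?P<referer>[^"]*)")?'
)

# Constructed sample log lines (addresses, hosts and values are made up).
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2013:13:55:36 +0000] "GET /Security/LoginForm?Email=a%40example.test&Password=hunter2 HTTP/1.1" 302 0 "-" "UA"',
    '203.0.113.5 - - [10/Oct/2013:13:55:40 +0000] "POST /Security/LoginForm HTTP/1.1" 302 0 "http://site.example/Security/login" "UA"',
    '198.51.100.7 - - [10/Oct/2013:14:01:02 +0000] "GET /assets/logo.png HTTP/1.1" 200 512 "http://site.example/Security/LoginForm?Email=b%40example.test&Password=s3cret" "UA"',
]

def redact_url(url):
    """Return (url, found); sensitive query values are replaced by REDACTED."""
    parts = urlsplit(url)
    found = False
    pairs = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_PARAMS:
            found, value = True, "REDACTED"
        pairs.append((key, value))
    if not found:
        return url, False
    return urlunsplit(parts._replace(query=urlencode(pairs))), True

def scan(lines):
    """Return (line_number, field, redacted_url) for every exposed credential."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.search(line)
        if not match:
            continue
        for field in ("target", "referer"):
            value = match.group(field)
            if value and value != "-":
                redacted, hit = redact_url(value)
                if hit:
                    findings.append((number, field, redacted))
    return findings

if __name__ == "__main__":
    for number, field, url in scan(SAMPLE):
        print(f"line {number}: credential in {field}: {url}")
```

Any account whose password appears in a finding should have that password changed, since the log copy may already have been read.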