PT-2012-1337 · Silverstripe · Silverstripe
Published: 2012-08-26 · Updated: 2012-08-27
CVE-2010-5094
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
SilverStripe versions 2.3.x through 2.3.6
Description
The deleteinstallfiles function in control/ContentController.php does not require ADMIN permissions. This allows remote attackers to delete index.php, disrupting mod_rewrite-less URL routing.
Recommendations
For SilverStripe versions 2.3.x through 2.3.6, update to version 2.3.7 or later to resolve the issue.
Affected Products
Silverstripe