PT-2013-6109 · Silverstripe · Silverstripe

Fara Denise Rustein

Published 2013-11-13 · Updated 2013-11-13 · CVE-2013-6789

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SilverStripe version 3.0.3

Description: The issue allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history. This is because the login form in security/MemberLoginForm.php accepts credentials submitted in a GET request, so the username and password are carried in the request URL, which is what logs and browser history record.

Recommendations: For SilverStripe version 3.0.3, consider modifying the security/MemberLoginForm.php file to accept credentials only in a POST request, or implement an alternative secure method to handle user credentials. As a temporary workaround, restrict access to web-server logs and browser history to minimize the risk of sensitive information disclosure.
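The practical follow-up to this advisory is checking whether credentials have already reached the access logs and, if so, redacting them before the logs are retained. The script below is an added example written for this entry, not code from SilverStripe or from the advisory author. It parses Apache/nginx "combined" format lines, flags any request target or Referer whose query string carries a password-like parameter, and rewrites such URLs with the secret value masked. The parameter names and the three log lines are constructed assumptions; adjust the names to the login form actually deployed.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qs, parse_qsl, urlencode

# Query parameter names treated as secrets. "Password" is an assumption about
# the login form field name; extend the set for the application under review.
CREDENTIAL_PARAMS = {"Password", "password", "passwd", "pwd"}

# Apache/nginx "combined" format:
# ip ident user [timestamp] "METHOD target PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (not real traffic): a GET login with the password in
# the URL, a correct POST login, and a page view whose Referer still carries it.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Nov/2013:10:00:01 +0000] '
    '"GET /Security/LoginForm?Email=alice%40example.test&Password=hunter2 HTTP/1.1" 302 0 '
    '"http://example.test/Security/login" "Mozilla/5.0"',
    '203.0.113.5 - - [13/Nov/2013:10:00:02 +0000] '
    '"POST /Security/LoginForm HTTP/1.1" 302 0 '
    '"http://example.test/Security/login" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Nov/2013:10:00:03 +0000] '
    '"GET /about-us/ HTTP/1.1" 200 5123 '
    '"http://example.test/Security/LoginForm?Email=bob%40example.test&Password=s3cret" "Mozilla/5.0"',
]


def credential_params(url):
    """Names of secret-bearing parameters found in the query string of a URL or path."""
    query = urlsplit(url).query
    return sorted(n for n in parse_qs(query, keep_blank_values=True) if n in CREDENTIAL_PARAMS)


def find_leaks(lines):
    """Return (line_no, field, method, params) for every line whose request
    target or Referer contains a credential parameter. Lines that do not match
    the combined format are skipped rather than guessed at."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        for field in ("target", "referer"):
            params = credential_params(m.group(field))
            if params:
                findings.append((n, field, m.group("method"), params))
    return findings


def redact_url(url):
    """Mask the value of credential parameters so the line can be kept for
    forensics without retaining the secret itself. Other parameters and the
    path are preserved unchanged."""
    parts = urlsplit(url)
    if not parts.query:
        return url
    pairs = [(k, "[REDACTED]" if k in CREDENTIAL_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs, safe="[]")))


def redact_line(line):
    """Apply redact_url to both the request target and the Referer of a log line."""
    m = LOG_RE.match(line)
    if not m:
        return line
    out = line
    for field in ("target", "referer"):
        original = m.group(field)
        out = out.replace(original, redact_url(original), 1)
    return out


if __name__ == "__main__":
    for n, field, method, params in find_leaks(SAMPLE_LOG):
        print(f"line {n}: {method} request leaks {params} via {field}")
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

Run it against a real log with `find_leaks(open(path))`; the Referer check matters because a credential-bearing URL keeps appearing in the logs of every page the user visits next, not only in the login request itself.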

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related identifiers

CVE-2013-6789

Affected products

Silverstripe