PT-2019-12695 · Silverstripe · Silverstripe

Steve Boyd

Publicado

2019-09-25

Atualizado

2020-08-24

CVE-2019-12204

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SilverStripe versions prior to 4.4

Description The issue arises from a missing warning about leaving install.php in a public webroot, which can lead to unauthenticated admin access.

Recommendations For SilverStripe versions prior to 4.4, remove or restrict access to install.php to prevent unauthenticated admin access.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2019-12204

GHSA-CG8J-8W52-735V

Produtos afetados

Silverstripe

PT-2019-12695 · Silverstripe · Silverstripe

CVE-2019-12204

Identificadores relacionados

Produtos afetados

Referências · 11