PT-2013-3870 · Silverstripe · Silverstripe
Fara Rustein · Published 2013-11-13 · Updated 2013-11-13
CVE-2013-2653
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
SilverStripe version 3.0.3
Description
The login form handler security/MemberLoginForm.php in the affected version accepts a login submitted as an HTTP GET request, so the credentials can be carried entirely in a URL. A remote attacker can use this to conduct phishing attacks that the victim does not detect: a login is triggered simply by making the victim's browser follow a crafted URL (a link, a redirect or an embedded resource), with no visible form interaction. Because the credentials travel in the query string, they are also exposed in browser history, Referer headers, proxy logs and web server access logs.
Recommendations
For SilverStripe version 3.0.3, modify security/MemberLoginForm.php so that the login form accepts credentials only via POST requests: a GET request to the form action may render the empty form or be rejected, but must never process the credential fields. This removes the ability to trigger a login from a URL and keeps credentials out of query strings and logs.
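To make the description and the recommendation concrete, here is an added example (written for this page; it is neither SilverStripe project code nor part of the advisory) that scans web server access logs in Combined Log Format for the pattern the issue produces: GET requests to the login form with credential fields in the query string, and whether each one was reached from an off-site Referer, as a victim following a link from a phishing page would. It assumes the login form is served at /Security/LoginForm, that the credential fields are named Email and Password, and that the site's own host is www.example.org; the log lines are constructed.

```python
"""Flag credential-bearing GET requests to a login endpoint in access logs.

Added example, not SilverStripe project code. Assumptions (not stated in the
advisory): the login form action is /Security/LoginForm, the credential
fields are named Email and Password, and the site's own host is
www.example.org.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format as written by Apache and nginx by default (constructed regex).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

LOGIN_PATHS = {"/security/loginform"}      # assumption: form action path (lower-cased)
CREDENTIAL_FIELDS = ("email", "password")  # assumption: field names (lower-cased)
SITE_HOST = "www.example.org"              # assumption: the site's own host


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not CLF."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def credential_fields_in_query(target):
    """Credential field names present in the query string of a login-form request.

    Returns an empty list for any other path, so only the login action counts.
    """
    parts = urlsplit(target)
    if parts.path.lower().rstrip("/") not in LOGIN_PATHS:
        return []
    present = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    return [f for f in CREDENTIAL_FIELDS if f in present]


def is_get_login(line):
    """True if the line is a GET to the login form carrying credentials in the URL."""
    rec = parse_line(line)
    return bool(rec and rec["method"] == "GET"
                and credential_fields_in_query(rec["target"]))


def find_get_logins(lines):
    """Summarise every credential-bearing GET login in the given log lines.

    Each hit records which credential fields were in the URL and whether the
    request carried an off-site Referer (a link followed from another site).
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        fields = credential_fields_in_query(rec["target"])
        if not fields:
            continue
        referer = rec["referer"]
        ref_host = urlsplit(referer).hostname if referer and referer != "-" else None
        hits.append({
            "ip": rec["ip"],
            "ts": rec["ts"],
            "fields": fields,
            "referer": referer,
            "external_referer": ref_host is not None and ref_host != SITE_HOST,
        })
    return hits


# Constructed sample log: one phishing-style GET login from an off-site page,
# one normal POST login, one plain visit to the login page, one GET with only
# an Email parameter and no Referer.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Nov/2013:10:01:12 +0000] "GET /Security/LoginForm?Email=victim%40example.org&Password=hunter2 HTTP/1.1" 302 0 "http://attacker.example/offer" "Mozilla/5.0"
203.0.113.7 - - [13/Nov/2013:10:02:30 +0000] "POST /Security/LoginForm HTTP/1.1" 302 0 "https://www.example.org/Security/login" "Mozilla/5.0"
203.0.113.9 - - [13/Nov/2013:10:03:01 +0000] "GET /Security/login HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
198.51.100.2 - - [13/Nov/2013:10:04:44 +0000] "GET /Security/LoginForm?Email=bob%40example.org HTTP/1.1" 200 1200 "-" "curl/7.30"
"""

if __name__ == "__main__":
    for hit in find_get_logins(SAMPLE_LOG.splitlines()):
        print(hit)
```

The server-side hardening the recommendation asks for is the mirror image of this check: the login handler must refuse to read the credential fields unless the request method is POST. Note that every hit this scanner reports means a password is sitting in plaintext in the access log, so treat the log as sensitive and have the affected credential rotated.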
Affected Products
Silverstripe