PT-2015-6760 · Silverstripe · Silverstripe/Framework

Hyp3Rlinx

Published

2015-06-24

Updated

2022-05-14

CVE-2015-5062

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions SilverStripe CMS & Framework version 3.1.13

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved by manipulating a URL in the returnURL parameter to the /dev/build API endpoint.

Recommendations For SilverStripe CMS & Framework version 3.1.13, consider restricting access to the returnURL parameter in the /dev/build API endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the returnURL parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2015-5062

GHSA-FH35-P8PH-P545

Affected Products

Silverstripe/Framework

PT-2015-6760 · Silverstripe · Silverstripe/Framework

CVE-2015-5062

Weakness Enumeration

Related Identifiers

Affected Products

References · 9