PT-2019-12695 · Silverstripe · Silverstripe

Steve Boyd

Published

2019-09-25

Updated

2020-08-24

CVE-2019-12204

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SilverStripe versions prior to 4.4

Description The issue arises from a missing warning about leaving install.php in a public webroot, which can lead to unauthenticated admin access.

Recommendations For SilverStripe versions prior to 4.4, remove or restrict access to install.php to prevent unauthenticated admin access.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-12204

GHSA-CG8J-8W52-735V

Affected Products

Silverstripe

PT-2019-12695 · Silverstripe · Silverstripe

CVE-2019-12204

Related Identifiers

Affected Products

References · 11