CVE-2022-42949

Name of the Vulnerable Software and Affected Versions Silverstripe silverstripe/subsites versions through 2.6.0

Description The subsites module can weaken edit restrictions on some files, allowing a malicious user to edit files they do not have edit rights to. This issue only affects projects with the subsites module installed. It is important to note that the separation of content achieved with the subsites module should be viewed as cosmetic and not appropriate for security-critical applications.

Recommendations For versions through 2.6.0, consider disabling the subsites module until a patch is available to prevent malicious users from editing files they do not have edit rights to. Restrict access to custom file logic to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.