Name of the Vulnerable Software and Affected Versions Silverstripe CMS (affected versions not specified)

Description A vulnerability exists in the permission validation for SiteTree object creation, allowing users or unauthenticated guests to create new SiteTree objects in the database if they have CMS access or if another mechanism allows model editing and relies on model-level permission checks. This vulnerability is restricted to the creation of draft or live pages and does not allow users to edit, publish, or unpublish existing pages.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.