PT-2024-40089 · Silverstripe · Silverstripe-Secureassets+1

Published: 2024-05-28 · Updated: 2024-05-28

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: silverstripe-userforms versions prior to 3.0.0; silverstripe-userforms version 3.0.0 when used with the silverstripe-secureassets module.
Description: silverstripe-userforms lets CMS administrators create public-facing forms with file upload fields. Unless configured otherwise, uploaded files are stored at predictable public paths. Certain actions by CMS authors can expose those paths, for example submission notification emails that contain links to the uploaded file, which is then served without authorization checks.
Recommendations: For silverstripe-userforms versions prior to 3.0.0, consider disabling the file upload field until a secure configuration can be applied. For silverstripe-userforms version 3.0.0 used with the silverstripe-secureassets module, ensure that all upload fields point to secured folders so that secure permissions are applied automatically. As a temporary workaround, consider restricting access to the submission notification emails or disabling the links to uploaded files within these emails until a more secure configuration is in place.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

GHSA-55PP-293F-3365

Affected Products

Silverstripe-Secureassets
Silverstripe-Userforms