Описание
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653.
Ссылки
- Exploit
- Patch
- Exploit
- Patch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:silverstripe:silverstripe:3.0.3:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00279
Низкий
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
debian
около 12 лет назад
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credential ...
github
больше 3 лет назад
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653.
EPSS
Процентиль: 51%
0.00279
Низкий
5 Medium
CVSS2
Дефекты
CWE-200