exploitDog

CVE-2020-26138

Опубликовано: 08 июн. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation.

Ссылки

https://forum.silverstripe.org/c/releases
Release Notes
Vendor Advisory
https://www.silverstripe.org/blog/tag/release
Release Notes
Vendor Advisory
https://www.silverstripe.org/download/security-releases/
Vendor Advisory
https://www.silverstripe.org/download/security-releases/cve-2020-26138
Exploit
Vendor Advisory
https://forum.silverstripe.org/c/releases
Release Notes
Vendor Advisory
https://www.silverstripe.org/blog/tag/release
Release Notes
Vendor Advisory
https://www.silverstripe.org/download/security-releases/
Vendor Advisory
https://www.silverstripe.org/download/security-releases/cve-2020-26138
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*

Версия до 4.6.0 (исключая)

cpe:2.3:a:silverstripe:silverstripe:4.6.0:rc1:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00292

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-7mv4-4xpg-xq44

CVSS3: 5.3

github

почти 4 года назад

FormField with square brackets in field name skips validation

EPSS

Процентиль: 52%

0.00292

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20