Silverstripe Framework vulnerabilities
41 known vulnerabilities affecting silverstripe/framework.
Total CVEs: 41
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 3, MEDIUM 32, LOW 4
Vulnerabilities
Page 2 of 3
CVE-2020-9280 [HIGH] CWE-434: SilverStripe Folders migrated from 3.x may be unsafe to upload to
Affected: ≥ 4.0.0, < 4.4.6 (2022-05-24)
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Com

CVE-2019-14272 [MEDIUM] CWE-79: SilverStripe asset-admin Cross-site Scripting (XSS)
Affected: ≥ 4.0.0, < 4.3.5; ≥ 4.4.0, < 4.4.4 (2022-05-24)
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.

CVE-2020-9311 [MEDIUM] CWE-79: Silverstripe CMS XSS Vulnerability
Affected: ≥ 3.0.0, < 3.7.5 (2022-05-24)
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.

CVE-2019-12246 [MEDIUM] CWE-352: SilverStripe Denial of Service on flush and development URL tools
Affected: ≥ 4.0.0, < 4.4.0; ≥ 0, ≤ 3.6 (2022-05-24)
SilverStripe before 4.4.0 allows a Denial of Service on flush and development URL tools.

CVE-2020-25817 [MEDIUM, CVSS 4.8] CWE-611: SilverStripe XXE Vulnerability in CSSContentParser
Affected: ≥ 4.0.0, < 4.7.4 (2022-05-24)
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML ou

CVE-2019-12205 [MEDIUM] CWE-79: Silverstripe Flash Clipboard Reflected XSS
Affected: ≥ 3.0.0, < 4.3.5; ≥ 4.4.0-rc1, < 4.4.4 (2022-05-24)
SilverStripe versions 3.0.0 until 4.3.5 and 4.4.4 are vulnerable to Flash Clipboard Reflected XSS. Versions 4.3.5 and 4.4.4 of `silverstripe/framework` and version 1.3.5 of `silverstripe/admin` contain a fix for this issue.

CVE-2019-19326 [MEDIUM] CWE-444: SilverStripe Web Cache Poisoning through HTTPRequestBuilder
Affected: ≥ 4.0.0, < 4.4.7; ≥ 4.5.0, < 4.5.4; +1 more (2022-05-24)
SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.

CVE-2012-4968 [LOW, CVSS 2.1] CWE-79: Silverstripe XSS Vulnerabilities
Affected: ≥ 2.3, < 2.3.13; ≥ 2.4, < 2.4.7 (2022-05-17)
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via a crafted string to the following functions:
1. `AbsoluteLinks`
2. `BigSummary`
3. `ContextSummary`
4. `EscapeXML`
5. `FirstParagraph`
6. `FirstSentence`
7. `Initial`
8. `LimitCharacters`
9. `LimitSentences`
10. `LimitWordCount`
11. `LimitWordCountXML`

CVE-2019-5715 [CRITICAL] CWE-89: Silverstripe Framework SQLi Vulnerability
Affected: ≥ 3.0.0, < 3.6.7; ≥ 4.0.0, < 4.0.7; +4 more (2022-05-14)
All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and DataObject.

CVE-2017-18049 [MEDIUM] CWE-74: SilverStripe CSV Excel Macro Injection
Affected: ≥ 0, < 3.5.6; ≥ 3.6.0, < 3.6.3; +1 more (2022-05-14)
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page.

CVE-2015-5062 [MEDIUM] CWE-601: Silverstripe CMS Open Redirect
Affected: ≥ 0, ≤ 3.1.13 (2022-05-14)
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.

CVE-2010-1593 [LOW] CWE-79: SilverStripe vulnerable to Cross-site Scripting
Affected: ≥ 0, < 2.3.5 (2022-05-14)
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka

CVE-2020-26138 [MEDIUM] CWE-20: FormField with square brackets in field name skips validation
Affected: ≥ 3.0.0, < 4.7.4 (2022-03-26)
FileField with array notation skips validation
The FileField class is commonly used for file upload in custom code on a Silverstripe website. This field is designed to be used with a single file upload.
PHP allows for submitting multiple values by adding square brackets to the field name. When this is done to a FileField, it will be coerced

CVE-2022-0227 [MEDIUM]: Business Logic Errors in SilverStripe Framework
Affected: ≥ 0, < 4.10.1 (2022-02-06)
SilverStripe Framework prior to version 4.10.1 is vulnerable to business logic errors.

CVE-2019-14273 [MEDIUM] CWE-552: Broken access control on files
Affected: ≥ 4.0.0, < 4.3.5; ≥ 4.4.0, < 4.4.4 (2020-07-15)
In SilverStripe assets 4.0, there is broken access control on files.

CVE-2019-19325 [MEDIUM] CWE-78: Reflected XSS in SilverStripe
Affected: ≥ 4.5.0, < 4.5.2; ≥ 4.0.0, < 4.4.5 (2020-02-24)
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other

CVE-2019-12204 [CRITICAL]: Missing warning can lead to unauthenticated admin access in SilverStripe
Affected: ≥ 4.1.0, < 4.3.5 (2019-11-12)
In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.

CVE-2019-16409 [MEDIUM] CWE-200: SilverStripe Versioned Files module Unpublished files are exposed publicly
Affected: ≥ 4.0.0, < 4.3.5; ≥ 4.4.0, < 4.4.4 (2019-11-12)
In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x

CVE-2019-12203 [MEDIUM] CWE-384: Session fixation in change password form
Affected: ≥ 3.7.0, < 3.7.4; ≥ 4.4.0, < 4.4.4; +2 more (2019-11-12)
SilverStripe through 4.3.3 allows session fixation in the "change password" form.

CVE-2019-12245 [MEDIUM] CWE-732: Lack of access control on uploaded files
Affected: ≥ 0, < 3.6.8; ≥ 3.7.0, < 3.7.4; +2 more (2019-11-12)
SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.