SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
silverstripe silverstripe 2.3.1 |
||
silverstripe silverstripe 2.3.2 |
||
silverstripe silverstripe 2.3.9 |
||
silverstripe silverstripe 2.3.5 |
||
silverstripe silverstripe 2.3.6 |
||
silverstripe silverstripe 2.3.3 |
||
silverstripe silverstripe 2.3.4 |
||
silverstripe silverstripe 2.3.0 |
||
silverstripe silverstripe 2.3.7 |
||
silverstripe silverstripe 2.3.8 |
||
silverstripe silverstripe 2.4.0 |
||
silverstripe silverstripe 2.4.3 |
||
silverstripe silverstripe 2.4.1 |
||
silverstripe silverstripe 2.4.2 |