Member_ProfileForm in security/Member.php in SilverStripe 2.3.x prior to 2.3.7 allows remote malicious users to hijack user accounts by saving data using the email address (ID) of another user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
silverstripe silverstripe 2.3.0 |
||
silverstripe silverstripe 2.3.5 |
||
silverstripe silverstripe 2.3.1 |
||
silverstripe silverstripe 2.3.2 |
||
silverstripe silverstripe 2.3.3 |
||
silverstripe silverstripe 2.3.4 |
||
silverstripe silverstripe 2.3.6 |