The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x prior to 2.3.7 does not require ADMIN permissions, which allows remote malicious users to delete index.php and "disrupt mod_rewrite-less URL routing."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
silverstripe silverstripe 2.3.0 |
||
silverstripe silverstripe 2.3.1 |
||
silverstripe silverstripe 2.3.3 |
||
silverstripe silverstripe 2.3.4 |
||
silverstripe silverstripe 2.3.5 |
||
silverstripe silverstripe 2.3.6 |
||
silverstripe silverstripe 2.3.2 |