Vulnerability Details CVE-2019-12204
In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://forum.silverstripe.org/c/releases
- https://www.silverstripe.org/download/security-releases/
- https://www.silverstripe.org/download/security-releases/CVE-2019-12204
- https://forum.silverstripe.org/c/releases
- https://www.silverstripe.org/download/security-releases/
- https://www.silverstripe.org/download/security-releases/CVE-2019-12204
Products affected by CVE-2019-12204
-
cpe:2.3:a:silverstripe:silverstripe:4.1.0
-
cpe:2.3:a:silverstripe:silverstripe:4.1.1
-
cpe:2.3:a:silverstripe:silverstripe:4.1.2
-
cpe:2.3:a:silverstripe:silverstripe:4.1.3
-
cpe:2.3:a:silverstripe:silverstripe:4.1.4
-
cpe:2.3:a:silverstripe:silverstripe:4.1.5
-
cpe:2.3:a:silverstripe:silverstripe:4.2.0
-
cpe:2.3:a:silverstripe:silverstripe:4.2.1
-
cpe:2.3:a:silverstripe:silverstripe:4.2.2
-
cpe:2.3:a:silverstripe:silverstripe:4.2.3
-
cpe:2.3:a:silverstripe:silverstripe:4.2.4
-
cpe:2.3:a:silverstripe:silverstripe:4.2.5
-
cpe:2.3:a:silverstripe:silverstripe:4.3.0
-
cpe:2.3:a:silverstripe:silverstripe:4.3.1
-
cpe:2.3:a:silverstripe:silverstripe:4.3.2
-
cpe:2.3:a:silverstripe:silverstripe:4.3.3