Shodan
Vulnerabilities
Vulnerable Software
Silverstripe:  >> Silverstripe  >> 4.0.7  Security Vulnerabilities
CVE-2019-12437
In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
CVSS Score
8.8
EPSS Score
0.002
Published
2020-02-19
CVE-2019-12246
SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-02-19
CVE-2019-12617
In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.
CVSS Score
2.7
EPSS Score
0.003
Published
2019-09-26
CVE-2019-12203
SilverStripe through 4.3.3 allows session fixation in the "change password" form.
CVSS Score
6.3
EPSS Score
0.001
Published
2019-09-25
CVE-2019-12205
SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-09-25
CVE-2019-12245
SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-09-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved