Unauthenticated Admin Access in SilverStripe by SilverStripe
CVE-2019-12204

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 25 September 2019

What is CVE-2019-12204?

In SilverStripe versions up to 4.3.3, unauthenticated users can gain admin access if the install.php file is left accessible in the public webroot. This could compromise the application, so installation files must be secured or removed after use.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
