chillu/silverstripe-framework

chillu/silverstripe-framework

silverstripe.org

Releases108

Frequency2 weeks 4 days

Last Release about 13 years ago

Stars3

SilverStripe's Sapphire Framework

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2013-6789 ↗	Nov 13, 2013Wednesday, 13 November 2013, 00:55	—	5 MEDIUM
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653.
CVE-2013-2653 ↗	Nov 13, 2013Wednesday, 13 November 2013, 00:55	—	5.8 MEDIUM
security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim.