URL: https://www.silverstripe.org/download/security-releases/cve-2022-29858
CVE-2022-29858 - Unpublished, protected files can be published via shortcode



Severity: Medium
Identifier: CVE-2022-29858
Versions Affected: silverstripe/assets: <=1.10.0
Versions Fixed: silverstripe/assets: 1.10.1

Draft protected images can be published by changing an existing image shortcode
on website content to match the ID of the draft protected image and then
publishing the website content.

Base CVSS: 4.3

Reported by: ranjit-git via huntr.dev

 

 
