SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure
| EKU-ID: 43067 | CVE: CVE-2013-2653;OSVDB-96035 | OSVDB-ID: |
| Author: Fara Rustein | Published: 2013-08-01 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 43067 | CVE: CVE-2013-2653;OSVDB-96035 | OSVDB-ID: |
| Author: Fara Rustein | Published: 2013-08-01 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/61578/info SilverStripe is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. SilverStripe 3.0.3 is vulnerable; other versions may also be affected. http://<X.X.X.X:Port>/Security/LoginForm?AuthenticationMethod=MemberAuthenticator&Email=<email>&Password=<password>&BackURL=%2Fadmin%2Fpages&action_dologin=Log+in