Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SilverStripe 信息泄露漏洞
Vulnerability Description
SilverStripe是新西兰SilverStripe公司的一套开源的编程框架和内容管理系统 (CMS)。该系统具有支持多国语言、跨平台等特点。 SilverStripe 3.0.3版本中的security/MemberLoginForm.php脚本中存在信息泄露漏洞。该漏洞源于程序支持GET请求中的证书。远程或本地攻击者可通过读取Web服务访问日志,Web服务器Referer日志或浏览历史利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A