6.6 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.4%
Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.
doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7
open.silverstripe.org/changeset/100744
www.openwall.com/lists/oss-security/2012/04/30/1
www.openwall.com/lists/oss-security/2012/04/30/3
www.openwall.com/lists/oss-security/2012/05/01/3
www.silverstripe.org/security-releases