Lucene search
PRIOn knowledge basePRION:CVE-2020-6164HistoryJul 15, 2020 - 9:15 p.m.
Path traversal
2020-07-1521:15:00
PRIOn knowledge base
www.prio-n.com
3
0.003 Low
EPSS
Percentile
65.4%
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).
| CPE | Name | Operator | Version |
|---|---|---|---|
| silverstripe | ge | 4.5.0 | |
| silverstripe | lt | 4.5.4 | |
| silverstripe | ge | 4.0.0 | |
| silverstripe | lt | 4.4.7 | |
| silverstripe | le | 3.0.0 |
Related
osv
osv
Silverstripe CMS information disclosure
2022-05-24 17:23:41
CVE-2020-6164
2020-07-15 21:15:13
BIT-silverstripe-2020-6164
2024-03-06 11:06:22
nvd
nvd
CVE-2020-6164
2020-07-15 21:15:13
cvelist
cvelist
CVE-2020-6164
2020-07-15 20:32:16
veracode
veracode
Information Disclosure
2024-06-25 09:49:39
github
github
Silverstripe CMS information disclosure
2022-05-24 17:23:41
cve
cve
CVE-2020-6164
2020-07-15 21:15:13
friendsofphp
friendsofphp
CVE-2020-6164: Information disclosure on /interactive URL path
2020-07-10 15:03:00