PT-2024-13800 · Silverstripe · Silverstripe/Admin

🗓️ 23 Jan 2024 00:00:00Reported by Positive TechnologiesType

Silverstripe Admin: create-permitted users can edit or delete via CSV import in ModelAdmin; upgrade to fixed versions.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-49783	23 Jan 202415:26	–	circl
CNNVD	SilverStripe Admin Security Vulnerability	23 Jan 202400:00	–	cnnvd
CVE	CVE-2023-49783	23 Jan 202413:54	–	cve
Cvelist	CVE-2023-49783 No permission checks for editing/deleting records with CSV import form	23 Jan 202413:54	–	cvelist
EUVD	EUVD-2024-0373	3 Oct 202520:07	–	euvd
Friends Of PHP	CVE-2023-49783 No permission checks for editing or deleting records with CSV import form	23 Jan 202403:15	–	friendsofphp
Github Security Blog	No permission checks for editing/deleting records with CSV import form	23 Jan 202420:09	–	github
NVD	CVE-2023-49783	23 Jan 202414:15	–	nvd
OSV	CVE-2023-49783 No permission checks for editing/deleting records with CSV import form	23 Jan 202413:54	–	osv
OSV	GHSA-J3M6-GVM8-MHVW No permission checks for editing/deleting records with CSV import form	23 Jan 202420:09	–	osv

Source	Link
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2023-49783.yaml
github	www.github.com/silverstripe/silverstripe-admin/security/advisories/GHSA-j3m6-gvm8-mhvw
osv	www.osv.dev/vulnerability/CVE-2023-49783
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-49783
osv	www.osv.dev/vulnerability/GHSA-j3m6-gvm8-mhvw
silverstripe	www.silverstripe.org/download/security-releases/CVE-2023-49783
github	www.github.com/silverstripe/silverstripe-admin/commit/9693130a0a637cdf512277cf5f07e83250b191db
github	www.github.com/silverstripe/silverstripe-admin
t	www.t.me/cvenotify/69712
t	www.t.me/cvenotify/68373

02 Feb 2024 00:00Current

4.3Medium risk

Vulners AI Score4.3

CVSS 3.14.3

EPSS0.00146

SSVC