3 matches found
GHSA-QM2J-QVQ3-J29V Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Impact If a user should not be able to see a record, but that record can be added to a GridField using the GridFieldAddExistingAutocompleter component, the record's title can be accessed by that user. Base CVSS: 4.3 Reported by: Nick K - LittleMonkey, littlemonkey.co.nz References -...
PT-2020-18975 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe version 4.5.0 Description: The issue allows attackers to read certain records that should not have been placed into a result set. This is due to the automatic permission-checking mechanism in the silverstripe/graphql module not...
Contao Unauthorized Access Vulnerability
Contao is an open source content management system CMS developed using PHP. The system supports search engine , rights management and CSS framework . An unauthorized access vulnerability exists in Contao, which can be exploited by an attacker to view records that are not open to the attacker...