6 matches found
CVE-2013-2653
security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim...
CVE-2013-2653
security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim...
Design/Logic Flaw
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653...
CVE-2013-6789
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653...
SilverStripe CMS 3.0.3 Information Disclosure
SilverStripeR Information Exposure Through Query Strings in GET Request CWE-598 - CVE: CVE-2013-2653 - CWE: CWE-598 - Deloitte Argentina Advisory Code: DTTAR-20130002 - Vendor Status: CONFIRMED - Vendor Disclosure Date: May, 8th, 2013. - Public Disclosure Date: August, 1st, 2013. - Vendors...
CVE-2013-2653
creationtimestamp| type| source ---|---|--- 2013-08-01 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38689...