CVE-2020-9309
SilverStripe CMS up to version 4.5 is vulnerable to script execution via malicious upload contents, when files with allowed extensions are stored as protected or draft and MIME detection causes browsers to run the file contents. Affected component/file: uploads handling (protected/draft state) an...