4 matches found
No permission checks for editing/deleting records with CSV import form
Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelyhood of a user having create permissions but not having edit or delete permissions is low, but it...
CVE-2023-49783 No permission checks for editing/deleting records with CSV import form
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...
CVE-2023-49783
CVE-2023-49783 affects SilverStripe Admin. In 1.x before 1.13.19 and 2.x before 2.1.8, users who lack edit/delete permissions for ModelAdmin records can still edit/delete records via the CSV import form if they have create permissions. The issue can enable unintended record modification, though t...
CVE-2023-49783 No permission checks for editing/deleting records with CSV import form
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...