Lucene search
K

4 matches found

Veracode
Veracode
added 2024/05/29 5:38 a.m.10 views

Improper Authentication

Silverstripe/framework is vulnerable to Improper Authentication. The vulnerability is caused by improper user permission checks to verify if a user can login via the Member::canLogIn method, allowing an attacker to gain access to unapproved or revoked users by resetting the password...

7.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/27 6:36 p.m.11 views

silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`

After performing a password reset, ChangePasswordForm::doChangePassword logs in the user without checking Member::canLogIn. This presents an issue for sites that are using the extension point in that method to deny access to users for example members that have not been “approved”, or members that...

7.2AI score
Exploits0References7Affected Software1
OSV
OSV
added 2024/05/27 6:36 p.m.9 views

GHSA-P5H2-VR99-XM99 silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`

After performing a password reset, ChangePasswordForm::doChangePassword logs in the user without checking Member::canLogIn. This presents an issue for sites that are using the extension point in that method to deny access to users for example members that have not been “approved”, or members that...

4.3CVSS7.2AI score
Exploits0References7
Friends Of PHP
Friends Of PHP
added 2015/03/20 7:29 p.m.8 views

SS-2016-011: ChangePasswordForm does not check Member::canLogIn()

More info at https://www.silverstripe.org/download/security-releases/ss-2016-011/...

7.2AI score
Exploits0Affected Software1
Rows per page
Query Builder