4 matches found
Code Injection
silverstripe/framework is vulnerable to Code Injection. The vulnerability is due to the improper handling of associative arrays in the second argument of renderWith, where unsanitized user input can be passed directly as a value...
GHSA-VGXH-X8JV-HMFF silverstripe/framework code execution vulnerability
There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placeholders. This exploit requires that user code has been written...
silverstripe/framework code execution vulnerability
There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placeholders. This exploit requires that user code has been written...
PT-2024-40477 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe Framework affected versions not specified Description: The issue allows arbitrary global functions to be executed if malicious user input is passed through as the second argument of ViewableData::renderWith. This occurs when the...