
17 matches found

RedhatCVE
added 2026/04/18 7:22 a.m., 5 views

CVE-2026-24749

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

CVSS 5.3, AI score 5.5, EPSS 0.00398
Exploits 0, References 1

EUVD
added 2026/04/16 8:40 p.m., 8 views

EUVD-2026-23275

Silverstripe Assets Module has a DBFile::getURL permission bypass...

CVSS 5.3, AI score 5.8, EPSS 0.00398
Exploits 0, References 3

Snyk
added 2026/04/16 6:31 p.m., 5 views

Incorrect Authorization

Overview: silverstripe/assets is an asset module required component of SilverStripe Framework. Affected versions of this package are vulnerable to Incorrect Authorization via the DBFile::getURL process. An attacker can gain unauthorized access to protected files by exploiting the way access grants...

CVSS 6.9, AI score 5.6, EPSS 0.00398
Exploits 0, References 2

ATTACKERKB
added 2026/04/16 5:8 p.m., 2 views

CVE-2026-24749

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

CVSS 5.3, AI score 5.7, EPSS 0.00398
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2026/04/16 5:8 p.m., 7 views

CVE-2026-24749 Silverstripe Assets Module has a DBFile::getURL() permission bypass

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

CVSS 5.3, AI score 5.5, EPSS 0.00398
Exploits 0, References 2

Positive Technologies
added 2026/04/16 12:0 a.m., 5 views

PT-2026-33347

Name of the Vulnerable Software and Affected Versions: Silverstripe Assets Module versions prior to 2.4.5; Silverstripe Assets Module versions 3.0.0-rc1 through 3.1.2. Description: Images rendered in templates or accessed via 'DBFile::getURL' or 'DBFile::getSourceURL' incorrectly add an access grant ...

CVSS 5.3, AI score 5.7, EPSS 0.00398
Exploits 0, References 6

CNNVD
added 2026/04/16 12:0 a.m., 10 views

SilverStripe Assets Module security vulnerability

The SilverStripe Assets Module is an asset component of the SilverStripe framework developed by the New Zealand-based company SilverStripe. Versions of the SilverStripe Assets Module prior to 2.4.5, as well as versions 3.0.0-rc1 to 3.1.2, contained security vulnerabilities. These vulnerabilities...

CVSS 5.3, AI score 5.8, EPSS 0.00398
Exploits 0, References 2

RedhatCVE
added 2026/01/09 10:56 a.m., 5 views

CVE-2022-38724

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS...

CVSS 5.4, AI score 7, EPSS 0.00653
Exploits 1, References 1

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-0534

Malware in sbrugna...

CVSS 5.3, AI score 6, EPSS 0.01106
Exploits 0, References 8

EUVD
added 2025/10/03 8:7 p.m., 9 views

EUVD-2022-6159

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.8, EPSS 0.01156
Exploits 1, References 9

RedhatCVE
added 2025/05/23 1:16 a.m., 10 views

CVE-2022-29858

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content...

CVSS 4.3, AI score 7, EPSS 0.01156
Exploits 1, References 1

RedhatCVE
added 2025/05/22 8:33 a.m., 5 views

CVE-2019-14273

In SilverStripe assets 4.0, there is broken access control on files...

CVSS 5.3, AI score 6.8, EPSS 0.01106
Exploits 0, References 1

Veracode
added 2022/06/30 3:23 a.m., 21 views

Cross-site Scripting (XSS)

silverstripe/assets is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject and execute malicious JavaScript via the args parameter in the regenerateshortcode function...

CVSS 4.3, AI score 5.2, EPSS 0.01156
Exploits 1, References 7, Affected Software 1

Github Security Blog
added 2022/06/29 10:40 p.m., 39 views

Unpublished, protected files can be published via shortcode

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Draft protected images can be published by changing an existing image shortcode on website content to...

CVSS 4.3, AI score 5.3, EPSS 0.01156
Exploits 1, References 9, Affected Software 1

OSV
added 2022/06/29 10:40 p.m., 29 views

GHSA-V68G-62V9-39W5 Unpublished, protected files can be published via shortcode

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Draft protected images can be published by changing an existing image shortcode on website content to...

CVSS 4.3, AI score 4.6, EPSS 0.01156
Exploits 1, References 8

Veracode
added 2019/11/20 6:22 a.m., 19 views

Unauthorized Access

silverstripe/assets is vulnerable to unauthorized access. A remote attacker is able to guess and access a filename via the AssetControlExtension due to incorrect access control for protected files uploaded via Upload::loadIntoFile...

CVSS 5.3, AI score 5.3, EPSS 0.01369
Exploits 0, References 5, Affected Software 1

CNVD
added 2019/10/08 12:0 a.m., 3 views

SilverStripe assets has an unspecified vulnerability

SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform use and other features. assets is its assets component. SilverStripe assets version 4.0 has a security...

CVSS 5.3, AI score 6.9, EPSS 0.01106
Exploits 0, References 1