17 matches found
CVE-2026-24749
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...
EUVD-2026-23275
Silverstripe Assets Module has a DBFile::getURL permission bypass...
Incorrect Authorization
Overview silverstripe/assets is an asset module required component of SilverStripe Framework. Affected versions of this package are vulnerable to Incorrect Authorization via the DBFile::getURL process. An attacker can gain unauthorized access to protected files by exploiting the way access grants...
CVE-2026-24749
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...
CVE-2026-24749 Silverstripe Assets Module has a DBFile::getURL() permission bypass
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...
PT-2026-33347
Name of the Vulnerable Software and Affected Versions Silverstripe Assets Module versions prior to 2.4.5 Silverstripe Assets Module versions 3.0.0-rc1 through 3.1.2 Description Images rendered in templates or accessed via 'DBFile::getURL' or 'DBFile::getSourceURL' incorrectly add an access grant ...
SilverStripe Assets Module 安全漏洞
The SilverStripe Assets Module is an asset component of the SilverStripe framework developed by the New Zealand-based company SilverStripe. Versions of the SilverStripe Assets Module prior to 2.4.5, as well as versions 3.0.0-rc1 to 3.1.2, contained security vulnerabilities. These vulnerabilities...
CVE-2022-38724
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS...
EUVD-2020-0534
Malware in sbrugna...
EUVD-2022-6159
Malicious code in bioql PyPI...
CVE-2022-29858
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content...
CVE-2019-14273
In SilverStripe assets 4.0, there is broken access control on files...
Cross-site Scripting (XSS)
silverstripe/assets is vulnerable to cross-site scriptingXSS attacks. A remote attacker is able to inject and execute malicious javascript via the args parameter in regenerateshortcode function...
Unpublished, protected files can be published via shortcode
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Draft protected images can be published by changing an existing image shortcode on website content to...
GHSA-V68G-62V9-39W5 Unpublished, protected files can be published via shortcode
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Draft protected images can be published by changing an existing image shortcode on website content to...
Unauthorized Access
silverstripe/assets is vulnerable to unauthorized access. A remote attacker is able to guess and access a filename via the AssetControlExtension due to incorrect access control for protected files uploaded via Upload::loadIntoFile...
SilverStripe assets has an unspecified vulnerability
SilverStripe is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . assets is one of the assets component . silverStripe assets 4.0 version of a security...