Lucene search
Veracode Vulnerability DatabaseVERACODE:34859HistoryMar 28, 2022 - 7:07 a.m.
Improper Input Validation
2022-03-2807:07:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
silverstripe
framework
input validation
filefield
vulnerability
malicious attacker
multiple files
EPSS
0.002
Percentile
51.7%
silverstripe/framework is vulnerable to improper input validation. The vulnerability exists in the validate function of FileField.php because FileField does not properly validate single file upload which allows a malicious attacker to upload multiple files by adding square brackets.
References
forum.silverstripe.org/c/releases
github.com/advisories/GHSA-7mv4-4xpg-xq44
github.com/silverstripe/silverstripe-framework/commit/06dbd5237b97891239b2b1334e3c03f08ba70eb0
github.com/silverstripe/silverstripe-framework/releases/tag/4.7.4
www.silverstripe.org/blog/tag/release
www.silverstripe.org/download/security-releases/
www.silverstripe.org/download/security-releases/cve-2020-26138
Related
osv
osv
FormField with square brackets in field name skips validation
2022-03-26 00:14:34
CVE-2020-26138
2021-06-08 18:15:07
BIT-silverstripe-2020-26138
2024-03-06 11:06:33
github
github
FormField with square brackets in field name skips validation
2022-03-26 00:14:34
cvelist
cvelist
CVE-2020-26138
2021-06-08 17:35:06
prion
prion
Input validation
2021-06-08 18:15:00
friendsofphp
friendsofphp
nvd
nvd
CVE-2020-26138
2021-06-08 18:15:07
cve
cve
CVE-2020-26138
2021-06-08 18:15:07