Lucene search
Veracode Vulnerability DatabaseVERACODE:38542HistoryDec 20, 2022 - 8:46 a.m.
Privilege Escalation
2022-12-2008:46:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
privilege escalation
silverstripe subsites
file edit privileges
sensitive files modification
EPSS
0.001
Percentile
34.5%
silverstripe/subsites is vulnerable to privilege escalation. The vulnerability exists in FileSubsites.php due to the lack of validation in file edit privileges, which allows an attacker to modify sensitive files inside the system.
References
github.com/advisories/GHSA-cx45-565q-6qx8
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/subsites/CVE-2022-42949.yaml
github.com/silverstripe/silverstripe-subsites/commit/73f3d15bfb90ba779dd5498fcc5ae4ab292d6272
github.com/silverstripe/silverstripe-subsites/pull/498
www.silverstripe.org/download/security-releases/
www.silverstripe.org/download/security-releases/cve-2022-42949
Related
prion
prion
Design/Logic Flaw
2022-12-21 00:15:00
friendsofphp
friendsofphp
CVE-2022-42949 - Subsite weakens file permissions
2022-12-18 22:37:00
osv
osv
SilverStripe Subsite weakens file permissions
2022-12-19 18:19:11
CVE-2022-42949
2022-12-21 00:15:10
cvelist
cvelist
CVE-2022-42949
2022-12-20 00:00:00
nvd
nvd
CVE-2022-42949
2022-12-21 00:15:10
cve
cve
CVE-2022-42949
2022-12-21 00:15:10
github
github
SilverStripe Subsite weakens file permissions
2022-12-19 18:19:11