Lucene search
Veracode Vulnerability DatabaseVERACODE:40461HistoryMay 10, 2023 - 5:24 a.m.
Open Redirect
2023-05-1005:24:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
open redirect
silverstripe/framework
director.php
url restriction
vulnerability
EPSS
0.001
Percentile
32.3%
silverstripe/framework is vulnerable to Open Redirect. The vulnerability exists due to the lack of a validated url restriction in the preg_match parameter of Director.php which allows an attacker to redirect a user to a malicious URL.
References
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml
github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77
github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv
www.silverstripe.org/download/security-releases/cve-2023-22729
Related
osv
osv
Open redirect vulnerability on CMSSecurity relogin screen
2023-04-26 19:46:30
CVE-2023-22729
2023-04-26 15:15:08
friendsofphp
friendsofphp
CVE-2023-22729 - Open redirect vulnerability on CMSSecurity relogin screen
2023-04-25 23:30:41
prion
prion
Design/Logic Flaw
2023-04-26 15:15:00
nvd
nvd
CVE-2023-22729
2023-04-26 15:15:08
cvelist
cvelist
cve
cve
CVE-2023-22729
2023-04-26 15:15:08
github
github
Open redirect vulnerability on CMSSecurity relogin screen
2023-04-26 19:46:30