Description
SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sensitive information via the (1) debug_memory parameter to core/control/Director.php or (2) debug_profile parameter to main.php.
Remediation
References
Related Vulnerabilities
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5540)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-18033)
WordPress Plugin Bricks Remote Code Execution (1.9.6)
MyBB Cryptographic Issues Vulnerability (CVE-2010-4626)
TYPO3 Improper Input Validation Vulnerability (CVE-2014-9509)