Description

security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653.

Remediation

References

CVE-2013-6789

Related Vulnerabilities

WordPress Plugin MailPoet Newsletters (Previous) Arbitrary File Upload (2.6.7)

PHP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-10546)

WordPress Plugin Coming Soon, Under Construction & Maintenance Mode By Dazzler Cross-Site Scripting (1.6.6)

WordPress Plugin Disc Golf Manager PHP Object Injection (1.0.0)

WordPress Plugin WP-Cumulus 'tagcloud.swf' Cross-Site Scripting (1.22)

Severity

Medium

Classification

CVE-2013-6789 CWE-200

Tags

Missing Update Known Vulnerabilities