Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

silverstripeCMS Files or Directories Accessible to External Parties Vulnerability (CVE-2019-14273)

Description

In SilverStripe assets 4.0, there is broken access control on files.

Remediation

References

Related Vulnerabilities

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Security Bypass (2.0.13)

Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43813)

OpenSSL Memory Allocation with Excessive Size Value Vulnerability (CVE-2025-66199)

Apache Tomcat Configuration Vulnerability (CVE-2010-4312)

Atlassian Jira CVE-2019-20403 Vulnerability (CVE-2019-20403)

Severity

Medium

Classification

CVE-2019-14273 CWE-552 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities