Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

silverstripeCMS Improper Authentication Vulnerability (CVE-2020-26136)

Description

In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.

Remediation

References

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1161)

WordPress Plugin Simple File List Arbitrary File Upload (4.2.2)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-26934)

WordPress Plugin Secure Copy Content Protection and Content Locking SQL Injection (2.6.6)

Moodle Improper Input Validation Vulnerability (CVE-2019-3847)

Severity

Medium

Classification

CVE-2020-26136 CWE-287 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities