Description
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.
Remediation
References
Related Vulnerabilities
TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21357)
WordPress Plugin WP-Download 'dl_id' Parameter SQL Injection (1.2)
MySQL CVE-2019-3009 Vulnerability (CVE-2019-3009)
WordPress Plugin WP Mail SMTP by WPForms Cross-Site Scripting (1.3.3)
Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10321)