silverstripeCMS Permissions Privileges and Access Controls Vulnerability - CVE-2010-5078 - Vulnerability Database

silverstripeCMS Permissions Privileges and Access Controls Vulnerability - CVE-2010-5078

Medium

Reference: CVE-2010-5078

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-5078

Title: silverstripeCMS Permissions Privileges and Access Controls Vulnerability

Overview:

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version.