Unrestricted Upload

Affecting silverstripe/framework package, versions >=3.6.5, <3.6.6 || >=4.0.3, <4.0.4 || >=4.1.0, <4.1.1


Overview

silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS.

Affected versions of this package are vulnerable to Unrestricted Upload. Several potentially dangerous file types are present in the default File.allowed_extensions list, which could allow a malicious CMS user to upload files that are then executed in the security context of the website. The ability to upload .css, .js, .potm, .dotm, .xltm and .jar files has been removed from the default configuration. Because allowed_extensions is synced automatically to the webserver configuration (in assets/.htaccess), this change also denies access to any existing uploads with these extensions.
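As an added example, not SilverStripe's own code: a PHP allowlist check that strips the six extensions named above from a site's configured allowlist (the sample list here is constructed, standing in for a real File.allowed_extensions value) and then applies the hardened allowlist to an uploaded filename, treating the comparison case-insensitively.

```php
<?php
// Added example (not SilverStripe's code): an upload extension allowlist check that
// mirrors the 3.6.6 / 4.0.4 / 4.1.1 hardening by dropping the six extensions the
// advisory names from a site's allowlist before any upload is accepted.

declare(strict_types=1);

// Extensions removed from the default File.allowed_extensions by the fix.
const REMOVED_EXTENSIONS = ['css', 'js', 'potm', 'dotm', 'xltm', 'jar'];

// Constructed sample allowlist; a real site would read its own configured list.
const SAMPLE_ALLOWED = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'docx', 'css', 'JS', 'jar', 'zip'];

/**
 * Returns the allowlist with the advisory's removed extensions filtered out.
 * Entries are normalised (lowercased, leading dot dropped) so "JS" or ".css" are also removed.
 */
function hardenAllowlist(array $allowed): array
{
    return array_values(array_filter(
        $allowed,
        fn(string $ext): bool => !in_array(strtolower(ltrim($ext, '.')), REMOVED_EXTENSIONS, true)
    ));
}

/**
 * Allowlist check on the final extension of an uploaded filename.
 * Only the last extension is considered, the comparison is case-insensitive,
 * and a filename with no extension at all is rejected.
 */
function isUploadAllowed(string $filename, array $allowed): bool
{
    $ext = strtolower((string) pathinfo($filename, PATHINFO_EXTENSION));
    if ($ext === '') {
        return false;
    }
    $normalized = array_map(fn(string $e): string => strtolower(ltrim($e, '.')), $allowed);
    return in_array($ext, $normalized, true);
}

// Demonstration with constructed filenames.
$allowed = hardenAllowlist(SAMPLE_ALLOWED);
foreach (['report.pdf', 'theme.css', 'widget.JS', 'applet.jar', 'README'] as $name) {
    printf("%-12s %s\n", $name, isUploadAllowed($name, $allowed) ? 'allowed' : 'denied');
}
```

The allowlist check covers only what the application accepts; as the advisory notes, the webserver rule in assets/.htaccess must deny the same extensions so that uploads already on disk are not served or executed.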

Remediation

Upgrade silverstripe/framework to version 3.6.6, 4.0.4, 4.1.1 or higher.

CVSS Score

9.8
high severity
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    High
  • Integrity
    High
  • Availability
    High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Credit: Insomnia Security
CWE: CWE-434
Snyk ID: SNYK-PHP-SILVERSTRIPEFRAMEWORK-546516
Disclosed: 05 Feb, 2020
Published: 05 Feb, 2020