Vulnerability Details : CVE-2020-26138
In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation.
Vulnerability category: Input validation
Products affected by CVE-2020-26138
- cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:4.6.0:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-26138
- 0.15%: Probability of exploitation activity in the next 30 days
- ~ 50 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-26138
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2020-26138
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-26138
- https://www.silverstripe.org/download/security-releases/
  Security Releases » SilverStripe [Vendor Advisory]
- https://www.silverstripe.org/download/security-releases/cve-2020-26138
  CVE-2020-26138 FormField with square brackets in field name skips validation » Silverstripe CMS [Exploit; Vendor Advisory]
- https://forum.silverstripe.org/c/releases
  Latest Releases topics - Silverstripe Forum [Release Notes; Vendor Advisory]
- https://www.silverstripe.org/blog/tag/release
  Blog - Tagged with release » SilverStripe [Release Notes; Vendor Advisory]