CVE-2023-32302

Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.

Source: CVE-2023-32302
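
The flaw described above, as an added example: a simplified Python model, not Silverstripe's own code, of record creation and an alternative authenticator, shown next to a hardened form and an audit for existing records. The record layout, the PBKDF2 hashing and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Illustrative KDF; the real framework's encryptor is not modelled here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_member_vulnerable(email, password=None):
    # Modelled flaw: no password was set, yet a hash of "" is stored.
    salt = os.urandom(16)
    return {"email": email, "salt": salt, "hash": _hash(password or "", salt)}

def create_member_fixed(email, password=None):
    # No password set means no credential is stored at all.
    if not password:
        return {"email": email, "salt": None, "hash": None}
    salt = os.urandom(16)
    return {"email": email, "salt": salt, "hash": _hash(password, salt)}

def naive_check(member, submitted):
    # Alternative authenticator that only compares hashes.
    return hmac.compare_digest(_hash(submitted, member["salt"]), member["hash"])

def hardened_check(member, submitted):
    # Reject empty input and records that hold no credential before hashing.
    if not submitted or member["hash"] is None or member["salt"] is None:
        return False
    return hmac.compare_digest(_hash(submitted, member["salt"]), member["hash"])

def audit_empty_password(members):
    # Emails of records whose stored hash verifies against the empty string.
    return [m["email"] for m in members
            if m["hash"] is not None and naive_check(m, "")]

if __name__ == "__main__":
    # Constructed sample records, not real data.
    members = [
        create_member_vulnerable("a@example.test"),
        create_member_fixed("b@example.test"),
        create_member_fixed("c@example.test", "correct horse"),
    ]
    print("records accepting an empty password:", audit_empty_password(members))
```

Upgrading to a patched version changes how new records are created; an audit like `audit_empty_password` is how records created before the upgrade would be found and reset.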
