Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/silverstripe/framework@4.2.0

Type composer

Namespace silverstripe

Name framework

Version 4.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.5.4

Latest_non_vulnerable_version 5.3.23

Affected_by_vulnerabilities

url VCID-1mmc-91gk-r3d3

vulnerability_id VCID-1mmc-91gk-r3d3

summary SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5715

reference_id

reference_type

scores

value	0.00322
scoring_system	epss
scoring_elements	0.55549
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5715

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/issues/8814

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/issues/8814

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5715

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5715

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url

https://www.silverstripe.org/download/security-releases/ss-2018-021

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2018-021

fixed_packages

url pkg:composer/silverstripe/framework@4.2.4

purl pkg:composer/silverstripe/framework@4.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-ytbc-8mhd-b3fc

vulnerability	VCID-z94y-nz4f-y7er

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4

url pkg:composer/silverstripe/framework@4.3.1

purl pkg:composer/silverstripe/framework@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b6nm-cphj-wfgw

vulnerability	VCID-cmwn-cjff-9qau

vulnerability	VCID-nute-ndg2-z7ev

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-r1eg-dwej-5kau

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-xg74-3h1h-kqaf

vulnerability	VCID-y8et-m846-2fc6

vulnerability	VCID-ytbc-8mhd-b3fc

vulnerability	VCID-z94y-nz4f-y7er

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1

aliases CVE-2019-5715, GHSA-wvfw-w3x6-g526

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3

url VCID-b6nm-cphj-wfgw

vulnerability_id VCID-b6nm-cphj-wfgw

summary

Improper Privilege Management
In SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12617

reference_id

reference_type

scores

value	0.00304
scoring_system	epss
scoring_elements	0.53948
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12617

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml

reference_url

https://www.silverstripe.org/blog/tag/release

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/blog/tag/release

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12617

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12617

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12617

reference_id

CVE-2019-12617

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12617

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12617

reference_id

CVE-2019-12617

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12617

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url pkg:composer/silverstripe/framework@4.3.5

purl pkg:composer/silverstripe/framework@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12617, GHSA-6r58-4xgr-gm6m

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw

url VCID-cmwn-cjff-9qau

vulnerability_id VCID-cmwn-cjff-9qau

summary

Session Fixation
SilverStripe allows session fixation in the "change password" form.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12203

reference_id

reference_type

scores

value	0.00054
scoring_system	epss
scoring_elements	0.17108
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12203

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12203

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12203

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12203

reference_id

CVE-2019-12203

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12203

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12203

reference_id

CVE-2019-12203

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12203

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url pkg:composer/silverstripe/framework@4.3.5

purl pkg:composer/silverstripe/framework@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12203, GHSA-w7r7-r8r9-vrg2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau

url VCID-nute-ndg2-z7ev

vulnerability_id VCID-nute-ndg2-z7ev

summary

Cross-site Scripting
SilverStripe has Flash Clipboard Reflected XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12205

reference_id

reference_type

scores

value	0.00378
scoring_system	epss
scoring_elements	0.59631
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12205

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml

reference_url

https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12205

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12205

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12205

reference_id

CVE-2019-12205

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12205

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12205

reference_id

CVE-2019-12205

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12205

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url pkg:composer/silverstripe/framework@4.3.5

purl pkg:composer/silverstripe/framework@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12205, GHSA-rfvw-5848-gxc5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev

url VCID-nzcm-xbxx-wyf9

vulnerability_id VCID-nzcm-xbxx-wyf9

summary

SilverStripe Versioned Files module Unpublished files are exposed publicly
In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16409

reference_id

reference_type

scores

value	0.00298
scoring_system	epss
scoring_elements	0.53437
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16409

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/symbiote/silverstripe-versionedfiles

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symbiote/silverstripe-versionedfiles

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16409

reference_id

CVE-2019-16409

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16409

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-16409

reference_id

CVE-2019-16409

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-16409

reference_url	https://www.silverstripe.org/download/security-releases/cve-2019-16409/
reference_id	CVE-2019-16409
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/cve-2019-16409/

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-16409.yaml

reference_id

CVE-2019-16409.YAML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-16409.yaml

reference_url	https://github.com/advisories/GHSA-xm6j-x342-gwq9
reference_id	GHSA-xm6j-x342-gwq9
reference_type
scores
url	https://github.com/advisories/GHSA-xm6j-x342-gwq9

fixed_packages

url pkg:composer/silverstripe/framework@4.3.5

purl pkg:composer/silverstripe/framework@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-16409, GHSA-xm6j-x342-gwq9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzcm-xbxx-wyf9

url VCID-r1eg-dwej-5kau

vulnerability_id VCID-r1eg-dwej-5kau

summary

Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12437

reference_id

reference_type

scores

value	0.002
scoring_system	epss
scoring_elements	0.41982
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12437

reference_url	https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url	https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml

reference_url

https://github.com/silverstripe/silverstripe-graphql

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql

reference_url

https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c

reference_url

https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff

reference_url	https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url	https://www.silverstripe.org/blog/tag/release

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12437

reference_id

CVE-2019-12437

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12437

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12437

reference_id

CVE-2019-12437

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12437

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

aliases CVE-2019-12437, GHSA-fx37-56v6-85q6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau

url VCID-ru3j-21j8-ayhm

vulnerability_id VCID-ru3j-21j8-ayhm

summary

Unrestricted Upload of File with Dangerous Type
In SilverStripe, files uploaded via Forms to folders migrated from Silverstripe may be put to the default `/Uploads` folder instead.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9280

reference_id

reference_type

scores

value	0.00386
scoring_system	epss
scoring_elements	0.60093
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9280

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2020-9280.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2020-9280.yaml

reference_url

https://github.com/silverstripe/silverstripe-assets/commit/6779fd3c8c1c05a3db5035bf6e541c9483d161fc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-assets/commit/6779fd3c8c1c05a3db5035bf6e541c9483d161fc

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-userforms/commit/3bbad2044279ade5e5a5d0ae1822bafe479f8a26

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-userforms/commit/3bbad2044279ade5e5a5d0ae1822bafe479f8a26

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9280

reference_id

CVE-2020-9280

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9280

reference_url

https://www.silverstripe.org/download/security-releases/cve-2020-9280

reference_id

CVE-2020-9280

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2020-9280

fixed_packages

url pkg:composer/silverstripe/framework@4.4.6

purl pkg:composer/silverstripe/framework@4.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.6

url pkg:composer/silverstripe/framework@4.5.1

purl pkg:composer/silverstripe/framework@4.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.1

aliases CVE-2020-9280, GHSA-592m-4533-rxq9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ru3j-21j8-ayhm

url VCID-xg74-3h1h-kqaf

vulnerability_id VCID-xg74-3h1h-kqaf

summary

Uncontrolled Resource Consumption
SilverStripe allows a Denial of Service on flush and development URL tools.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12246

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.35994
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12246

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab

reference_url

https://www.silverstripe.org/blog/tag/release

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/blog/tag/release

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12246

reference_id

CVE-2019-12246

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12246

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12246

reference_id

CVE-2019-12246

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12246

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url pkg:composer/silverstripe/framework@4.4.0

purl pkg:composer/silverstripe/framework@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0

aliases CVE-2019-12246, GHSA-5fr8-xhqq-4p3q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf

url VCID-y8et-m846-2fc6

vulnerability_id VCID-y8et-m846-2fc6

summary

Information Exposure
SilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12245

reference_id

reference_type

scores

value	0.00255
scoring_system	epss
scoring_elements	0.49005
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12245

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12245

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12245

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12245

reference_id

CVE-2019-12245

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12245

reference_url	https://www.silverstripe.org/download/security-releases/cve-2019-12245/
reference_id	CVE-2019-12245
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/cve-2019-12245/

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12245

reference_id

CVE-2019-12245

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12245

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml

reference_id

CVE-2019-12245.YAML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml

reference_url	https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
reference_id	GHSA-jvx5-rm6q-gx7p
reference_type
scores
url	https://github.com/advisories/GHSA-jvx5-rm6q-gx7p

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url	pkg:composer/silverstripe/framework@4.3.6
purl	pkg:composer/silverstripe/framework@4.3.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dt7-nc8t-nqgh

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12245, GHSA-jvx5-rm6q-gx7p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6

url VCID-ytbc-8mhd-b3fc

vulnerability_id VCID-ytbc-8mhd-b3fc

summary

Information Exposure
In SilverStripe, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-6164

reference_id

reference_type

scores

value	0.00703
scoring_system	epss
scoring_elements	0.72448
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-6164

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml

reference_url

https://github.com/silverstripe/silverstripe-cms

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-cms

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-6164

reference_id

CVE-2020-6164

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-6164

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2020-6164

reference_id

CVE-2020-6164

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2020-6164

fixed_packages

url pkg:composer/silverstripe/framework@4.4.7

purl pkg:composer/silverstripe/framework@4.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7

url pkg:composer/silverstripe/framework@4.5.0-alpha1

purl pkg:composer/silverstripe/framework@4.5.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ru3j-21j8-ayhm

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.0-alpha1

url	pkg:composer/silverstripe/framework@4.5.4
purl	pkg:composer/silverstripe/framework@4.5.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4

aliases CVE-2020-6164, GHSA-gm5x-hpmw-xpxg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ytbc-8mhd-b3fc

url VCID-z94y-nz4f-y7er

vulnerability_id VCID-z94y-nz4f-y7er

summary

Improper Privilege Management
In SilverStripe, a missing warning about leaving `install.php` in a public webroot can lead to unauthenticated admin access.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12204

reference_id

reference_type

scores

value	0.00832
scoring_system	epss
scoring_elements	0.74941
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12204

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12204.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12204.yaml

reference_url

https://packagist.org/packages/silverstripe/cms

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/silverstripe/cms

reference_url

https://packagist.org/packages/silverstripe/framework

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/silverstripe/framework

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12204

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12204

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12204

reference_id

CVE-2019-12204

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12204

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12204

reference_id

CVE-2019-12204

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12204

reference_url	https://github.com/advisories/GHSA-cg8j-8w52-735v
reference_id	GHSA-cg8j-8w52-735v
reference_type
scores
url	https://github.com/advisories/GHSA-cg8j-8w52-735v

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nzcm-xbxx-wyf9

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url pkg:composer/silverstripe/framework@4.3.5

purl pkg:composer/silverstripe/framework@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ru3j-21j8-ayhm

vulnerability	VCID-ytbc-8mhd-b3fc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

aliases CVE-2019-12204, GHSA-cg8j-8w52-735v

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z94y-nz4f-y7er

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.0

Package Instance