Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

CVE-2022-29858 - Unpublished, protected files can be published via shortcode

Severity:
Medium (?)
Identifier:
CVE-2022-29858
Versions Affected:
silverstripe/assets: <=1.10.0
Versions Fixed:
silverstripe/assets: 1.10.1
Release Date:
2022-06-28

Draft protected images can be published by changing an existing image shortcode on website content to match the ID of the draft protected image and then publishing the website content.

Base CVSS: 4.3

Reported by: ranjit-git via huntr.dev