CVE-2013-6789

SilverStripe 3.0.3 - Exposure of Sensitive Information via GET Request Credentials

Title source: llm
STIX 2.1

Description

security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653.

References (2)

Core 2

Scores

EPSS 0.0108
EPSS Percentile 61.1%

Details

CWE
CWE-200
Status published
Products (1)
silverstripe/silverstripe 3.0.3
Published Nov 13, 2013
Tracked Since Feb 18, 2026