Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/silverstripe-cms—path-disclosure.html

Date:
04-Apr-2017

Product:
SilverStripe CMS

Versions affected:
3.1.9 and below.

Vulnerability:
Path disclosure.

Example URL:
http://[target]/dev/build/
Path reported:
/home/[target]/public_html/framework/dev/DebugView.php

https://www.silverstripe.org/download/security-releases/ss-2015-001/

Credit:
Discovered by Patrick Webster

Disclosure timeline:
07-Nov-2015 -…