Miggo Logo

CVE-2020-9309: Silverstripe CMS malicious file upload enables script execution

8.8

CVSS Score
3.1

Basic Information

EPSS Score
0.71691%
Published
5/24/2022
Updated
8/22/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
silverstripe/cmscomposer<= 4.5.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from insufficient MIME type validation in file upload handling. Silverstripe CMS's core Upload_Validator class relies on extension-based validation by default. When the optional mimevalidator module is absent, the validate() method in Upload_Validator does not enforce MIME type checks, allowing files with dangerous content to be uploaded if their extension is permitted. This matches the CWE-434 description and the advisory's emphasis on MIME validation being optional. The function's role in the upload validation pipeline and the module's mitigation strategy confirm its relevance.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Silv*rstrip* *MS t*rou** *.* **n ** sus**pti*l* to s*ript *x**ution *rom m*li*ious uplo** *ont*nts un**r *llow** *il* *xt*nsions (*or *x*mpl* *TML *o** in * TXT *il*). W**n t**s* *il*s *r* stor** *s prot**t** or *r**t *il*s, t** MIM* **t**tion **n **

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt MIM* typ* v*li**tion in *il* uplo** **n*lin*. Silv*rstrip* *MS's *or* Uplo**_V*li**tor *l*ss r*li*s on *xt*nsion-**s** v*li**tion *y ****ult. W**n t** option*l mim*v*li**tor mo*ul* is **s*nt, t** v*li**t*() m