8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-9309

GHSA ID

GHSA-h77w-655f-6j3m

EPSS Score

0.71691%

CWE

CWE-434

Published

5/24/2022

Updated

8/22/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-9309

CVE-2020-9309:
Silverstripe CMS malicious file upload enables script execution

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Uploads stored as protected or draft files are allowed by default for authorised users only, but can also be enabled through custom logic as well as modules such as silverstripe/userforms. Sites using the previously optional silverstripe/mimevalidator module can configure MIME whitelists rather than extension whitelists, and hence prevent this issue. Sites on the Common Web Platform (CWP) use this module by default, and are not affected.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-9309

GHSA ID

GHSA-h77w-655f-6j3m

EPSS Score

0.71691%

CWE

CWE-434

Published

5/24/2022

Updated

8/22/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
silverstripe/cms	composer	<= 4.5.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insufficient MIME type validation in file upload handling. Silverstripe CMS's core Upload_Validator class relies on extension-based validation by default. When the optional mimevalidator module is absent, the validate() method in Upload_Validator does not enforce MIME type checks, allowing files with dangerous content to be uploaded if their extension is permitted. This matches the CWE-434 description and the advisory's emphasis on MIME validation being optional. The function's role in the upload validation pipeline and the module's mitigation strategy confirm its relevance.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Silv*rstrip* *MS t*rou** *.* **n ** sus**pti*l* to s*ript *x**ution *rom m*li*ious uplo** *ont*nts un**r *llow** *il* *xt*nsions (*or *x*mpl* *TML *o** in * TXT *il*). W**n t**s* *il*s *r* stor** *s prot**t** or *r**t *il*s, t** MIM* **t**tion **n **

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt MIM* typ* v*li**tion in *il* uplo** **n*lin*. Silv*rstrip* *MS's *or* Uplo**_V*li**tor *l*ss r*li*s on *xt*nsion-**s** v*li**tion *y ****ult. W**n t** option*l mim*v*li**tor mo*ul* is **s*nt, t** v*li**t*() m

8.8

Basic Information

Concerned about an active attack path?

CVE-2020-9309: Silverstripe CMS malicious file upload enables script execution

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-9309:
Silverstripe CMS malicious file upload enables script execution

Vulnerability Intelligence
Miggo AI