The vulnerability stems from SilverStripe's Backtrace class not filtering arguments for mysqli::real_connect in stack traces. The commit diff explicitly adds this function to a blacklist of arguments to ignore, confirming that its absence in prior versions caused credential exposure. Since mysqli::real_connect handles database connections and its arguments include credentials, its unredacted inclusion in error traces directly enabled the information leak.
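
The filtering described above, sketched as an added example (not SilverStripe's own code): a backtrace redactor run once with an ignore list that lacks `mysqli::real_connect` and once with it listed. The function name `redact_backtrace`, the other list entries, and the sample frame values are constructed for illustration.

```php
<?php
// Added illustration; names here are hypothetical, not SilverStripe's API.

/**
 * Replace the arguments of sensitive calls in a debug_backtrace()-style array.
 * $ignore entries are either 'function_name' or ['ClassName', 'method'].
 */
function redact_backtrace(array $frames, array $ignore): array
{
    foreach ($frames as $i => $frame) {
        // PHP function and method names are case-insensitive.
        $function = strtolower($frame['function'] ?? '');
        $class = strtolower($frame['class'] ?? '');
        foreach ($ignore as $entry) {
            $match = is_array($entry)
                ? ($class === strtolower($entry[0]) && $function === strtolower($entry[1]))
                : ($class === '' && $function === strtolower($entry));
            if ($match) {
                $frames[$i]['args'] = ['<filtered>'];
                break;
            }
        }
    }
    return $frames;
}

// Constructed sample frames, shaped like debug_backtrace() output.
$trace = [
    ['function' => 'real_connect', 'class' => 'mysqli', 'type' => '->',
     'args' => ['db.example.test', 'app_user', 'constructed-password', 'app_db']],
    ['function' => 'connect', 'class' => 'ExampleConnector', 'type' => '->', 'args' => []],
];

// Constructed ignore lists: the first omits real_connect, the second includes it.
$before = [['mysqli', 'select_db'], 'mysql_connect'];
$after  = array_merge($before, [['mysqli', 'real_connect']]);

foreach (['before' => $before, 'after' => $after] as $label => $list) {
    $frame = redact_backtrace($trace, $list)[0];
    printf("%s: %s::%s(%s)\n", $label, $frame['class'], $frame['function'],
        implode(', ', $frame['args']));
}
```

With the shorter list the connection arguments, password included, survive into the rendered trace; with `mysqli::real_connect` listed they are replaced by a placeholder.
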
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| silverstripe/framework | composer | >= 3.7.0-rc1, < 3.7.1 | 3.7.1 |
| silverstripe/framework | composer | >= 4.0.0-rc1, < 4.0.5 | 4.0.5 |
| silverstripe/framework | composer | >= 4.1.0-rc1, < 4.1.3 | 4.1.3 |
| silverstripe/framework | composer | >= 4.2.0-rc1, < 4.2.2 | 4.2.2 |