CVE-2019-5715
CRITICALSilverStripe 3.0.0-3.6.6 and 3.7.0-3.7.2 - Reflected SQL Injection via Form and DataObject
Title source: llmDescription
All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.silverstripe.org/download/security-releases/ss-2018-021
Vendor Advisory x_refsource_misc
https://www.silverstripe.org/download/security-releases/
Scores
CVSS v3
9.8
EPSS
0.0156
EPSS Percentile
72.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (3)
silverstripe/framework
3.0.0 - 3.6.7Packagist
silverstripe/silverstripe
4.3.0
silverstripe/silverstripe
3.0.0 - 3.6.7
Published
Apr 11, 2019
Tracked Since
Feb 18, 2026