CVE-2019-5715

CRITICAL

SilverStripe 3.0.0-3.6.6 and 3.7.0-3.7.2 - Reflected SQL Injection via Form and DataObject

Title source: llm
STIX 2.1

Description

All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject.

References (2)

Core 2
Core References

Scores

CVSS v3 9.8
EPSS 0.0156
EPSS Percentile 72.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (3)
silverstripe/framework 3.0.0 - 3.6.7Packagist
silverstripe/silverstripe 4.3.0
silverstripe/silverstripe 3.0.0 - 3.6.7
Published Apr 11, 2019
Tracked Since Feb 18, 2026