Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2019-5715 - Vulnerability Database
silverstripeCMS

silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2019-5715

Critical
Reference: CVE-2019-5715
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-5715
Title: silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3 and all versions of SilverStripe 4 prior to 4.0.7 4.1.5 4.2.4 and 4.3.1 allows Reflected SQL Injection through Form and DataObject.