Reflected SQL Injection in SilverStripe by SilverStripe
CVE-2019-5715

9.8CRITICAL

Key Information:

Vendor: Silverstripe
Status: Silverstripe
Vendor: CVE Published:; 11 April 2019

🔔 Create Silverstripe Vulnerability Alert

What is CVE-2019-5715?

This vulnerability in SilverStripe allows attackers to exploit reflected SQL injection through Form and DataObject components in various versions. By sending crafted requests, an attacker can manipulate SQL queries made by the server, which may lead to unauthorized data access or potential data corruption. It is crucial for users operating affected versions to upgrade to the specified secure versions to mitigate the risk.

References

https://www.silverstripe.org/download/security-releases/s...

x_refsource_MISC

https://www.silverstripe.org/download/security-releases/

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2019
Vulnerability Reserved
Jan 8, 2019

CVE-2019-5715 Data

JSON