SQL Injection Vulnerability in SilverStripe Framework Affects Multiple Versions
CVE-2022-38148

8.8HIGH

Key Information:

Vendor: Silverstripe
Status: Framework
Vendor: CVE Published:; 21 November 2022

🔔 Create Silverstripe Vulnerability Alert

What is CVE-2022-38148?

The SilverStripe framework through version 4.11 is susceptible to SQL injection attacks. This vulnerability allows an attacker to manipulate SQL queries by injecting arbitrary SQL code through unsanitized input, which could lead to unauthorized access to the database, the exposure of sensitive information, or alteration of data. Severity can vary based on the application design and how the framework is utilized. It is crucial for developers and system administrators to apply the necessary updates to mitigate risks associated with this vulnerability.

References

https://www.silverstripe.org/download/security-releases/

https://www.silverstripe.org/blog/tag/release

https://forum.silverstripe.org/c/releases

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2022
Vulnerability Reserved
Aug 10, 2022

CVE-2022-38148 Data

JSON