GitHub Advisory Database: GHSA-P2V5-XCQM-4FV6
May 28, 2024 - 5:29 p.m.

silverstripe/taxonomy SQL Injection vulnerability

2024-05-28 17:29:03
CWE-89
GitHub Advisory Database
github.com
Tags: silverstripe, taxonomy, sql injection, controller, developer, exploit, vulnerability

AI Score: 8.1 High (Confidence: Low)

There is a vulnerability in the silverstripe/taxonomy module that allows SQL injection. The affected controller (TaxonomyDirectoryController) is disabled by default and must be enabled by a developer for the exploit to be possible.

Affected configurations

Node
silverstripe | registry | Range <2.0.1 | silverstripe
OR
silverstripe | registry | Range <1.3.1 | silverstripe
