There is a vulnerability in the silverstripe/taxonomy module that allows SQL injection. The affected controller (TaxonomyDirectoryController) is disabled by default and must be enabled by a developer for the exploit to be possible.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | silverstripe/taxonomy | eq | 2.0.0 |
| | silverstripe/taxonomy | eq | 1.3.0 |

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/taxonomy/SS-2018-011-1.yaml
github.com/silverstripe/silverstripe-taxonomy
github.com/silverstripe/silverstripe-taxonomy/commit/01a5d9e04b993df507058aa53e6e18efc5ca405b
github.com/silverstripe/silverstripe-taxonomy/commit/d037941e931490c33af5029c676447ed38896ee8
www.silverstripe.org/download/security-releases/ss-2018-011