Lucene search
GoogleOSV:GHSA-P2V5-XCQM-4FV6HistoryMay 28, 2024 - 5:29 p.m.
silverstripe/taxonomy SQL Injection vulnerability
2024-05-2817:29:03
Google
osv.dev
4
silverstripe
taxonomy
sql injection
vulnerability
enabled
developer
8.1 High
AI Score
Confidence
Low
There is a vulnerability in silverstripe/taxonomy module that allows SQL injection. This affected controller (TaxonomyDirectoryController) is disabled by default and must be enabled by a developer for the exploit to be possible.
| CPE | Name | Operator | Version |
|---|---|---|---|
| silverstripe/taxonomy | eq | 2.0.0 | |
| silverstripe/taxonomy | eq | 1.3.0 |
References
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/taxonomy/SS-2018-011-1.yaml
github.com/silverstripe/silverstripe-taxonomy
github.com/silverstripe/silverstripe-taxonomy/commit/01a5d9e04b993df507058aa53e6e18efc5ca405b
github.com/silverstripe/silverstripe-taxonomy/commit/d037941e931490c33af5029c676447ed38896ee8
www.silverstripe.org/download/security-releases/ss-2018-011
8.1 High
AI Score
Confidence
Low