silverstripe/framework is vulnerable to SQL injection. The vulnerability exists in the getManipulatedData
function in GridFieldSortableHeader.php,
where an attacker with CMS access could execute arbitrary SQL statements.
forum.silverstripe.org/c/releases
github.com/advisories/GHSA-rr8h-f97q-8p9c
github.com/silverstripe/silverstripe-framework/commit/4308a93cc81a75227bcbfc1abd4aaf5e21ef21ee
github.com/silverstripe/silverstripe-framework/pull/10582
www.silverstripe.org/blog/tag/release
www.silverstripe.org/download/security-releases/
www.silverstripe.org/download/security-releases/cve-2022-38148