Lucene search
Veracode Vulnerability DatabaseVERACODE:38153HistoryNov 22, 2022 - 8:36 a.m.
SQL Injection
2022-11-2208:36:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
sql injection
silverstripe/framework
gridfieldsortableheader.php
vulnerability
cms access
arbitrary sql statements
EPSS
0.003
Percentile
66.2%
silverstripe/framework is vulnerable to sql injection. The vulnerability exists in the getManipulatedData function in GridFieldSortableHeader.php where an attacker with cms access could execute an arbitrary sql statements.
References
forum.silverstripe.org/c/releases
github.com/advisories/GHSA-rr8h-f97q-8p9c
github.com/silverstripe/silverstripe-framework/commit/4308a93cc81a75227bcbfc1abd4aaf5e21ef21ee
github.com/silverstripe/silverstripe-framework/pull/10582
www.silverstripe.org/blog/tag/release
www.silverstripe.org/download/security-releases/
www.silverstripe.org/download/security-releases/cve-2022-38148
Related
prion
prion
Sql injection
2022-11-21 16:15:00
osv
osv
CVE-2022-38148
2022-11-21 16:15:13
Blind SQL Injection via GridFieldSortableHeader
2022-11-22 00:00:07
github
github
Blind SQL Injection via GridFieldSortableHeader
2022-11-22 00:00:07
cvelist
cvelist
CVE-2022-38148
2022-11-21 00:00:00
friendsofphp
friendsofphp
CVE-2022-38148 - Blind SQL Injection via GridFieldSortableHeader
2021-11-21 00:00:00
nvd
nvd
CVE-2022-38148
2022-11-21 16:15:13
cve
cve
CVE-2022-38148
2022-11-21 16:15:13