What is CVE-2019-12149?

CVE-2019-12149 is a vulnerability that allows attackers to execute arbitrary SQL commands in the silverstripe/restfulserver and silverstripe/registry modules.

How severe is CVE-2019-12149?

CVE-2019-12149 has a severity rating of 9.8, which is considered critical.

Which software is affected by CVE-2019-12149?

The silverstripe/restfulserver module versions 1.0.0 to 1.0.9, 2.0.0 to 2.0.4, and the silverstripe/registry module versions 2.1.0 to 2.1.2, 2.2.0 to 2.2.1 are affected by CVE-2019-12149.

How can an attacker exploit CVE-2019-12149?

An attacker can exploit CVE-2019-12149 by injecting malicious SQL commands into the affected modules, which can then be executed by the application.

Where can I find more information about CVE-2019-12149?

You can find more information about CVE-2019-12149 at the following link: [https://www.silverstripe.org/download/security-releases/cve-2019-12149](https://www.silverstripe.org/download/security-releases/cve-2019-12149)

Vulnerability/
CVE-2019-12149

critical

9.8

CWE

11/6/2019

4/8/2024

CVE-2019-12149: SQL Injection

First published: Tue Jun 11 2019(Updated: )

CVE-2019-12149: Potential SQL injection in restfulserver and registry modules

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
composer/silverstripe/registry	>=2.1.0<2.1.2>=2.2.0<2.2.1
composer/silverstripe/restfulserver	>=1.0.0<1.0.9>=2.0.0<2.0.4
composer/silverstripe/restfulserver	>=2.0.0<2.0.4	2.0.4
composer/silverstripe/restfulserver	>=1.0.0<1.0.9	1.0.9
composer/silverstripe/registry	>=2.2.0<2.2.1	2.2.1
composer/silverstripe/registry	>=2.1.0<2.1.1	2.1.1
composer/silverstripe/restfulserver	>=2.1.0<2.1.2	2.1.2
SilverStripe Registry	>=2.1.0<2.1.1
SilverStripe Registry	>=2.2.0<2.2.1
SilverStripe RestfulServer	>=1.0.1<1.0.9
SilverStripe RestfulServer	>=2.0.0<2.0.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-12149?
CVE-2019-12149 is a vulnerability that allows attackers to execute arbitrary SQL commands in the silverstripe/restfulserver and silverstripe/registry modules.
How severe is CVE-2019-12149?
CVE-2019-12149 has a severity rating of 9.8, which is considered critical.
Which software is affected by CVE-2019-12149?
The silverstripe/restfulserver module versions 1.0.0 to 1.0.9, 2.0.0 to 2.0.4, and the silverstripe/registry module versions 2.1.0 to 2.1.2, 2.2.0 to 2.2.1 are affected by CVE-2019-12149.
How can an attacker exploit CVE-2019-12149?
An attacker can exploit CVE-2019-12149 by injecting malicious SQL commands into the affected modules, which can then be executed by the application.
Where can I find more information about CVE-2019-12149?
You can find more information about CVE-2019-12149 at the following link: [https://www.silverstripe.org/download/security-releases/cve-2019-12149](https://www.silverstripe.org/download/security-releases/cve-2019-12149)

collector/friends-of-php
agent/type
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-4j6v-3895-8g2j
alias/CVE-2019-12149
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/references
agent/description
agent/author
agent/softwarecombine
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
package-manager/composer
vendor/silverstripe
canonical/silverstripe registry
version/silverstripe registry/2.1.0
version/silverstripe registry/2.2.0
canonical/silverstripe restfulserver
version/silverstripe restfulserver/1.0.1
version/silverstripe restfulserver/2.0.0