CVE-2019-5715: SQL Injection
First published: Tue Feb 19 2019(Updated: )
All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/silverstripe/framework | >=3.0.0<3.6.7>=3.7.0<3.7.3>=4.0.0<4.0.7>=4.1.0<4.1.5>=4.2.0<4.2.4>=4.3.0<4.3.1 | |
| composer/silverstripe/framework | >=3.0.0<3.6.7 | 3.6.7 |
| composer/silverstripe/framework | >=4.3.0<4.3.1 | 4.3.1 |
| composer/silverstripe/framework | >=4.2.0<4.2.4 | 4.2.4 |
| composer/silverstripe/framework | >=4.1.0<4.1.5 | 4.1.5 |
| composer/silverstripe/framework | >=3.7.0<3.7.3 | 3.7.3 |
| composer/silverstripe/framework | >=4.0.0<4.0.7 | 4.0.7 |
| Silverstripe silverstripe | >=3.0.0<3.6.7 | |
| Silverstripe silverstripe | >=3.7.0<3.7.3 | |
| Silverstripe silverstripe | >=4.0.0<4.0.7 | |
| Silverstripe silverstripe | >=4.1.0<4.1.5 | |
| Silverstripe silverstripe | >=4.2.0<4.2.4 | |
| Silverstripe silverstripe | =4.3.0 | |
| >=3.0.0<3.6.7 | ||
| >=3.7.0<3.7.3 | ||
| >=4.0.0<4.0.7 | ||
| >=4.1.0<4.1.5 | ||
| >=4.2.0<4.2.4 | ||
| =4.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.silverstripe.org/download/security-releases/ss-2018-021
- https://nvd.nist.gov/vuln/detail/CVE-2019-5715
- https://www.silverstripe.org/download/security-releases/
- https://github.com/silverstripe/silverstripe-framework/issues/8814
- https://github.com/advisories/GHSA-wvfw-w3x6-g526 (Advisory)
- https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml
Frequently Asked Questions
What is CVE-2019-5715?
CVE-2019-5715 is a vulnerability that allows for Reflected SQL Injection through Form and DataObject in SilverStripe versions 3.0.0 to 3.6.7 and 3.7.0 to 3.7.3, and versions 4.0.0 to 4.0.7, 4.1.0 to 4.1.5, 4.2.0 to 4.2.4, and 4.3.0 to 4.3.1.
How severe is CVE-2019-5715?
CVE-2019-5715 has a severity rating of 9, which is considered critical.
How can I fix CVE-2019-5715?
To fix CVE-2019-5715, update your SilverStripe installation to version 3.6.7, 3.7.3, 4.0.7, 4.1.5, 4.2.4, or 4.3.1.
Where can I find more information about CVE-2019-5715?
You can find more information about CVE-2019-5715 on the following websites: [SilverStripe Download Security Releases](https://www.silverstripe.org/download/security-releases/ss-2018-021), [NVD NIST](https://nvd.nist.gov/vuln/detail/CVE-2019-5715), and [SilverStripe Security Releases](https://www.silverstripe.org/download/security-releases/)
What is the CWE classification for CVE-2019-5715?
CVE-2019-5715 is classified under CWE-89, which is the category for Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').
- collector/friends-of-php
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-wvfw-w3x6-g526
- alias/CVE-2019-5715
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- package-manager/composer
- vendor/silverstripe
- canonical/silverstripe silverstripe
- version/silverstripe silverstripe/3.0.0
- version/silverstripe silverstripe/3.7.0
- version/silverstripe silverstripe/4.0.0
- version/silverstripe silverstripe/4.1.0
- version/silverstripe silverstripe/4.2.0
- version/silverstripe silverstripe/4.3.0