CVE-2019-12149: Potential SQL injection in restfulserver and registry modules
- Moderate (?)
- Versions Affected:
- silverstripe/restfulserver ^1.0, ^2.0, silverstripe/registry ^2.1
- Versions Fixed:
- silverstripe/restfulserver 1.0.9, 2.0.4, 2.1.2, silverstripe/registry 2.1.1, 2.2.1
- Release Date:
A potential SQL injection vulnerability has been identified in the silverstripe/restfulserver and silverstripe/registry modules which may allow specially crafted user input to be executed as SQL statements.
Reported by Tim Oliver, E2 Digital.