CVE-2019-12149: Potential SQL injection in restfulserver and registry modules

Severity: Moderate
Identifier: CVE-2019-12149
Versions Affected: silverstripe/restfulserver ^1.0, ^2.0, silverstripe/registry ^2.1
Versions Fixed: silverstripe/restfulserver 1.0.9, 2.0.4, 2.1.2, silverstripe/registry 2.1.1, 2.2.1
Release Date: 2019-06-11

A potential SQL injection vulnerability has been identified in the silverstripe/restfulserver and silverstripe/registry modules which may allow specially crafted user input to be executed as SQL statements.

Reported by Tim Oliver, E2 Digital.

CVSS 7.4
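
To check a project against the versions listed above, the following added example (not code from the advisory or from the SilverStripe project) reads a composer.lock and classifies the two modules. It assumes that a branch newer than any listed fix already contains it and reports affected branches with no listed fix as unknown; the sample lock content is constructed.

```python
import json
import re

# Fixed patch release per minor branch, from the advisory's "Versions Fixed" field.
FIXED = {
    "silverstripe/restfulserver": {(1, 0): 9, (2, 0): 4, (2, 1): 2},
    "silverstripe/registry": {(2, 1): 1, (2, 2): 1},
}

def classify(name, version):
    """Return 'vulnerable', 'fixed', 'not-affected' or 'unknown' for one package."""
    branches = FIXED[name]
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:                      # dev-master, 2.x-dev, pre-releases: review by hand
        return "unknown"
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch in branches:
        return "vulnerable" if patch < branches[branch] else "fixed"
    if branch > max(branches):     # assumption: later branches include the fix
        return "fixed"
    if branch < min(branches):     # below the lowest affected range
        return "not-affected"
    return "unknown"               # in an affected range, no fix listed for this branch

def audit_lock(lock_text):
    """Map each advisory package found in a composer.lock to (version, status)."""
    lock = json.loads(lock_text)
    found = {}
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") in FIXED:
            found[pkg["name"]] = (pkg["version"], classify(pkg["name"], pkg["version"]))
    return found

# Constructed sample composer.lock content (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "silverstripe/framework", "version": "4.4.0"},
        {"name": "silverstripe/restfulserver", "version": "2.0.3"},
        {"name": "silverstripe/registry", "version": "2.2.1"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for name, (version, status) in audit_lock(SAMPLE_LOCK).items():
        print(f"{name} {version}: {status}")
```

Pass the text of a real composer.lock to `audit_lock` and treat any `vulnerable` or `unknown` result as a prompt to upgrade to one of the fixed releases.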