SS-2017-008: SQL injection in full text search of SilverStripe 4

Severity: Critical
Identifier: ss-2017-008
Versions Affected: 3.5.5 and below, 3.6.0 to 3.6.2, 4.0.0
Versions Fixed: 3.5.6, 3.6.3, 4.0.1
Release Date: 2017-12-07

When performing a fulltext search in SilverStripe 4.0.0, the 'start' querystring parameter is never escaped safely. This exposes a possible SQL injection vulnerability.

The issue also exists in 3.5 and 3.6, but those versions are less vulnerable, as SearchForm sanitises these variables before passing them to MySQL.

Reported by Stephan Bauer
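
A log check for the issue described above, as an added example that is not part of the original advisory or of SilverStripe's code: it scans web access-log lines for requests whose 'start' querystring parameter is anything other than a plain non-negative integer. The log lines, client addresses and the /home/SearchForm path are constructed sample data, and the common/combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a common/combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A legitimate pagination offset is a short run of ASCII digits.
OFFSET_RE = re.compile(r"[0-9]{1,9}")

# Constructed sample lines (documentation IP ranges, assumed URL path).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Dec/2017:10:00:01 +0000] '
    '"GET /home/SearchForm?Search=news&start=10 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Dec/2017:10:00:05 +0000] '
    '"GET /home/SearchForm?Search=news&start=10%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [07/Dec/2017:10:00:09 +0000] '
    '"GET /home/SearchForm?Search=news&start=abc HTTP/1.1" 200 4980',
    '192.0.2.10 - - [07/Dec/2017:10:00:12 +0000] '
    '"GET /about-us/ HTTP/1.1" 200 2048',
]


def suspicious_start_values(log_line):
    """Return the decoded 'start' values in one log line that are not plain integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    # keep_blank_values so an empty "start=" is reported as well.
    params = parse_qs(query, keep_blank_values=True)
    return [v for v in params.get("start", []) if not OFFSET_RE.fullmatch(v)]


def scan(lines):
    """Return (line number, client address, decoded value) for every suspicious request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        client = line.split(" ", 1)[0]
        for value in suspicious_start_values(line):
            findings.append((number, client, value))
    return findings


if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: client {client} sent start={value!r}")
```

The check is independent of the URL path, so it also covers search forms mounted elsewhere; it only sees parameters that appear in the logged request line.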