SS-2018-011: SQL injection vulnerability

Severity: Moderate
Identifier: SS-2018-011
Versions Affected: silverstripe/taxonomy: 1.3.0, 2.0.0
Versions Fixed: silverstripe/taxonomy: 1.3.1, 2.0.1
Release Date: 2018-05-28

There is a vulnerability in the silverstripe/taxonomy module that allows SQL injection. The affected controller (TaxonomyDirectoryController) is disabled by default and must be enabled by a developer for the exploit to be possible.

Reported by Insomnia Security.