CVE-2019-5715

Name of the Vulnerable Software and Affected Versions SilverStripe versions prior to 3.6.7 SilverStripe versions prior to 3.7.3 SilverStripe 4 versions prior to 4.0.7 SilverStripe 4 versions prior to 4.1.5 SilverStripe 4 versions prior to 4.2.4 SilverStripe 4 versions prior to 4.3.1

Description The issue allows for Reflected SQL Injection through the Form and DataObject. This can potentially be exploited to extract or modify sensitive data.

Recommendations For SilverStripe versions prior to 3.6.7, update to version 3.6.7 or later. For SilverStripe versions prior to 3.7.3, update to version 3.7.3 or later. For SilverStripe 4 versions prior to 4.0.7, update to version 4.0.7 or later. For SilverStripe 4 versions prior to 4.1.5, update to version 4.1.5 or later. For SilverStripe 4 versions prior to 4.2.4, update to version 4.2.4 or later. For SilverStripe 4 versions prior to 4.3.1, update to version 4.3.1 or later.