Name of the Vulnerable Software and Affected Versions: SilverStripe versions 4.0.0 SilverStripe versions 3.5 through 3.6

Description: The issue is related to a possible SQL injection vulnerability when performing a fulltext search. Specifically, the start querystring parameter is not escaped safely. In versions 3.5 and 3.6, the SearchForm sanitises these variables prior to passing to mysql, making them less vulnerable.

Recommendations: For SilverStripe version 4.0.0, ensure the start querystring parameter is properly escaped to prevent SQL injection. For SilverStripe versions 3.5 through 3.6, consider additional validation for the start parameter to further reduce the risk of exploitation, although SearchForm already provides some sanitisation.