GHSA-rr8h-f97q-8p9c

Source

https://github.com/advisories/GHSA-rr8h-f97q-8p9c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-rr8h-f97q-8p9c/GHSA-rr8h-f97q-8p9c.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rr8h-f97q-8p9c

Aliases

CVE-2022-38148

Published

2022-11-22T00:00:07Z

Modified

2024-02-21T05:32:45.828937Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Blind SQL Injection via GridFieldSortableHeader

Details

Gridfield state is vulnerable to SQL injections. The vast majority of Gridfields in Silverstripe CMS are affected by this vulnerability.

An attacker with CMS access could execute an arbitrary SQL statement by adding an SQL payload in some parts of the GridField state.

Database specific

{
    "nvd_published_at": "2022-11-21T16:15:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-22T00:00:07Z"
}

References

Affected packages

Packagist / silverstripe/framework

Package

Name: silverstripe/framework
Purl: pkg:composer/silverstripe/framework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.10.11

Affected versions

4.*

4.0.0

4.0.1-rc1

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.1.0-rc1

4.1.0-rc2

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.2.0-beta1

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.3.0-rc1

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.4.0-rc1

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

4.5.0-alpha1

4.5.0-rc1

4.5.0-rc2

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.6.0-beta1

4.6.0-rc1

4.6.0

4.6.1

4.6.2

4.7.0-beta1

4.7.0-rc1

4.7.0

4.7.1

4.7.2

4.7.3

4.7.4

4.8.0-beta1

4.8.0-rc1

4.8.0

4.8.1

4.9.0-alpha1

4.9.0-beta1

4.9.0-rc1

4.9.0

4.9.1

4.9.2

4.9.3

4.9.4

4.10.0-beta1

4.10.0-rc1

4.10.0

4.10.1

4.10.2

4.10.3

4.10.4

4.10.5

4.10.6

4.10.7

4.10.8

4.10.9

4.10.10

Packagist / silverstripe/framework

Package

Name: silverstripe/framework
Purl: pkg:composer/silverstripe/framework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.11.0

Fixed

4.11.14

Affected versions

4.*

4.11.0

4.11.1

4.11.2

4.11.3

4.11.4

4.11.5

4.11.6

4.11.7

4.11.8

4.11.9

4.11.10

4.11.11

4.11.12

4.11.13