{"id":"CVE-2019-5715","details":"All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and DataObject.","aliases":["GHSA-wvfw-w3x6-g526"],"modified":"2026-02-11T23:48:58.438694Z","published":"2019-04-11T19:29:01.287Z","references":[{"type":"ADVISORY","url":"https://www.silverstripe.org/download/security-releases/"},{"type":"ADVISORY","url":"https://www.silverstripe.org/download/security-releases/ss-2018-021"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/silverstripe/silverstripe-cms","events":[{"introduced":"0c02b8872f29a1c789d3313562cde6117892d9c7"},{"fixed":"38bccd63f8ee28dc6b37a44baf77a1d1ec8949cf"},{"introduced":"25ee305f3264c01ab1943fe53c94f39a460688c5"},{"fixed":"878443d478f201ab47b6196beb7fc5fa932c7141"},{"introduced":"59a50dab0b2c8a46af5076266d440934e99778e6"},{"fixed":"338c512e154a37936185dd24bf9073c9186f0543"},{"introduced":"9bf05b397f1bcb0522fa6e773f12be394f3ce7e5"},{"fixed":"e277293cf4fdb86de8487c341f6eb6b4859c1a58"},{"introduced":"d970d57ed9e84b7796a46f16f1e1efe213eb00b5"},{"fixed":"6b588a9bf503b4f853cc256fa2ef383dca2c2ae8"}]}],"versions":["2.4.10","2.4.6","2.4.7","2.4.8","2.4.8-rc1","2.4.9","3.0.0","3.0.0-rc3","3.0.1","3.0.1-rc1","3.0.1-rc2","3.0.1-rc3","3.0.10","3.0.10-rc1","3.0.11","3.0.11-rc1","3.0.2","3.0.2-rc1","3.0.2-rc2","3.0.3","3.0.3-rc1","3.0.3-rc2","3.0.4","3.0.5","3.0.6","3.0.6-rc1","3.0.6-rc2","3.0.7","3.0.8","3.0.9","3.0.9-rc1","3.1.0","3.1.0-beta1","3.1.0-beta2","3.1.0-beta3","3.1.0-rc1","3.1.0-rc3","3.1.1","3.1.10","3.1.10-rc1","3.1.10-rc2","3.1.11","3.1.11-rc1","3.1.12","3.1.13","3.1.13-rc1","3.1.14","3.1.14-rc1","3.1.15","3.1.16","3.1.16-rc1","3.1.17","3.1.17-rc1","3.1.17-rc2","3.1.18","3.1.18-rc1","3.1.18-rc2","3.1.19","3.1.19-rc1","3.1.2","3.1.2-rc1","3.1.20","3.1.20-rc1","3.1.20-rc2","3.1.21","3.1.3","3.1.3-rc1","3.1.3-rc2","3.1.4","3.1.4-rc1","3.1.5","3.1.5-rc1","3.1.6","3.1.6-rc1","3.1.6-rc
2","3.1.6-rc3","3.1.7","3.1.7-rc1","3.1.8","3.1.9","3.1.9-rc1","3.2.0","3.2.0-beta1","3.2.0-beta2","3.2.0-rc1","3.2.0-rc2","3.2.1","3.2.1-rc1","3.2.1-rc2","3.2.2","3.2.2-rc1","3.2.2-rc2","3.2.3","3.2.3-rc1","3.2.3-rc2","3.2.4","3.2.4-rc1","3.2.5","3.2.5-rc1","3.2.5-rc2","3.2.6","3.3.0","3.3.0-beta1","3.3.0-rc1","3.3.0-rc2","3.3.0-rc3","3.3.1","3.3.1-rc1","3.3.1-rc2","3.3.2","3.3.2-rc1","3.3.3","3.3.3-rc1","3.3.3-rc2","3.3.4","3.4.0","3.4.0-rc1","3.4.1","3.4.1-rc1","3.4.1-rc2","3.4.2","3.4.3","3.4.3-rc1","3.4.4","3.4.4-rc1","3.4.5","3.4.5-rc1","3.4.6","3.4.6-rc1","3.4.6-rc2","3.5.0","3.5.0-rc1","3.5.0-rc2","3.5.0-rc3","3.5.1","3.5.1-rc1","3.5.1-rc2","3.5.2","3.5.2-rc1","3.5.3","3.5.3-rc1","3.5.4","3.5.4-rc1","3.5.5","3.5.5-beta1","3.5.5-beta2","3.5.6","3.5.6-rc1","3.5.7","3.5.8","3.5.8-rc1","3.6.0","3.6.0-beta1","3.6.0-beta2","3.6.0-rc1","3.6.1","3.6.1-alpha1","3.6.1-alpha2","3.6.2","3.6.2-beta1","3.6.2-beta2","3.6.3","3.6.3-rc2","3.6.4","3.6.5","3.6.6","3.6.6-rc1","3.6.7","4.0.0","4.0.0-rc3","4.0.1","4.0.1-rc1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5715.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/silverstripe/silverstripe-framework","events":[{"introduced":"1bcd449acecf74c782feecbd11991b1ea0c06e2a"},{"fixed":"306b2a0b828fde62c4fe49a1dfb52770d8ad96ba"},{"introduced":"6d8df46b8a7e3281fbd1299c626dd7a5a9a14a83"},{"fixed":"3f3a1884d72a2bed29b1d73fbbf8102cc6c7857c"},{"introduced":"bfa436bb2a6f4534e82130dda38b625f25634578"},{"fixed":"8c9e8fb5f3f6b9851ac48473664df733344cf0c6"},{"introduced":"caefab774e8ab22ef48d8c1b4112450d103ec006"},{"fixed":"1362b20ee43d8603d0c4a0336c539db700e302b7"},{"introduced":"d9261af1f3201fcea0d67a72b6fa1408ec69effc"},{"fixed":"bb5701b73d40909caf99d71bac02e0329d301335"}]}],"versions":["2.4.10","2.4.6","2.4.7","2.4.8","2.4.8-rc1","2.4.9","3.0.0","3.0.0-rc3","3.0.1","3.0.1-rc1","3.0.1-rc2","3.0.1-rc3","3.0.10","3.0.10-rc1","
3.0.11","3.0.11-rc1","3.0.2","3.0.2-rc1","3.0.2-rc2","3.0.3","3.0.3-rc1","3.0.3-rc2","3.0.4","3.0.5","3.0.6","3.0.6-rc1","3.0.6-rc2","3.0.7","3.0.8","3.0.9","3.0.9-rc1","3.1.0","3.1.0-beta1","3.1.0-rc1","3.1.0-rc3","3.1.1","3.1.10","3.1.10-rc1","3.1.10-rc2","3.1.11","3.1.11-rc1","3.1.12","3.1.13","3.1.13-rc1","3.1.14","3.1.14-rc1","3.1.15","3.1.16","3.1.16-rc1","3.1.17","3.1.17-rc1","3.1.17-rc2","3.1.18","3.1.18-rc1","3.1.18-rc2","3.1.19","3.1.19-rc1","3.1.2","3.1.2-rc1","3.1.20","3.1.20-rc1","3.1.20-rc2","3.1.21","3.1.3","3.1.3-rc1","3.1.3-rc2","3.1.4","3.1.4-rc1","3.1.5","3.1.5-rc1","3.1.6","3.1.6-rc1","3.1.6-rc2","3.1.6-rc3","3.1.7","3.1.7-rc1","3.1.8","3.1.9","3.1.9-rc1","3.2.0","3.2.0-beta1","3.2.0-beta2","3.2.0-rc1","3.2.0-rc2","3.2.1","3.2.1-rc1","3.2.1-rc2","3.2.2","3.2.2-rc1","3.2.2-rc2","3.2.3","3.2.3-rc1","3.2.3-rc2","3.2.4","3.2.4-rc1","3.2.5","3.2.5-rc1","3.2.5-rc2","3.2.6","3.3.0","3.3.0-beta1","3.3.0-rc1","3.3.0-rc2","3.3.0-rc3","3.3.1","3.3.1-rc1","3.3.1-rc2","3.3.2","3.3.2-rc1","3.3.3","3.3.3-rc1","3.3.3-rc2","3.3.4","3.4.0","3.4.0-rc1","3.4.1","3.4.1-rc1","3.4.1-rc2","3.4.2","3.4.3","3.4.3-rc1","3.4.4","3.4.4-rc1","3.4.5","3.4.5-rc1","3.4.6","3.4.6-rc1","3.4.6-rc2","3.5.0","3.5.0-rc1","3.5.0-rc2","3.5.0-rc3","3.5.1","3.5.1-rc1","3.5.1-rc2","3.5.2","3.5.2-rc1","3.5.3","3.5.3-rc1","3.5.4","3.5.4-rc1","3.5.5","3.5.5-beta1","3.5.5-beta2","3.5.6","3.5.6-rc1","3.5.7","3.5.8","3.5.8-rc1","3.6.0","3.6.0-beta1","3.6.0-beta2","3.6.0-rc1","3.6.1","3.6.1-alpha2","3.6.2","3.6.2-beta1","3.6.2-beta2","3.6.3","3.6.3-rc2","3.6.4","3.6.5","3.6.6","3.6.6-rc1","4.0.5","4.0.6","4.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5715.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}