GHSA-xx4r-5265-48j6: silverstripe/framework SQL injection in full text search
When performing a fulltext search in SilverStripe 4.0.0 the ‘start’ querystring parameter is never escaped safely. This exposes a possible SQL injection vulnerability.
The issue exists in 3.5 and 3.6 but is less vulnerable, as SearchForm sanitises these variables prior to passing to mysql.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml
- github.com/advisories/GHSA-xx4r-5265-48j6
- github.com/silverstripe/silverstripe-framework
- github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b
- github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4
- www.silverstripe.org/download/security-releases/ss-2017-008
Code Behaviors & Features
Detect and mitigate GHSA-xx4r-5265-48j6 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →