Vulnerabilities > Silverstripe > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-25 | CVE-2019-12204 | Unspecified vulnerability in Silverstripe In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. | 9.8 |
| 2019-06-11 | CVE-2019-12149 | SQL Injection vulnerability in Silverstripe Registry and Restfulserver SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands. | 9.8 |
| 2019-04-11 | CVE-2019-5715 | SQL Injection vulnerability in Silverstripe All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject. | 9.8 |