Vulnerabilities > Silverstripe > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-16 CVE-2023-40180 Resource Exhaustion vulnerability in Silverstripe Graphql
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations.
network
low complexity
silverstripe CWE-400
7.5
2023-03-16 CVE-2023-28104 Allocation of Resources Without Limits or Throttling vulnerability in Silverstripe Graphql 4.1.1/4.2.2
`silverstripe/graphql` serves Silverstripe data as GraphQL representations.
network
low complexity
silverstripe CWE-770
7.5
2022-11-21 CVE-2022-38148 SQL Injection vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows SQL Injection.
network
low complexity
silverstripe CWE-89
8.8
2019-09-25 CVE-2019-12204 Unspecified vulnerability in Silverstripe
In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
network
low complexity
silverstripe
7.5
2019-06-11 CVE-2019-12149 SQL Injection vulnerability in Silverstripe Registry and Restfulserver
SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands.
network
low complexity
silverstripe CWE-89
7.5
2019-04-11 CVE-2019-5715 SQL Injection vulnerability in Silverstripe
All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and DataObject.
network
low complexity
silverstripe CWE-89
7.5
2012-09-17 CVE-2011-4960 SQL Injection vulnerability in Silverstripe
SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
silverstripe CWE-89
7.5
2009-04-27 CVE-2008-6753 SQL Injection vulnerability in Silverstripe
SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField.
network
low complexity
silverstripe CWE-89
7.5
2009-04-24 CVE-2009-1433 SQL Injection vulnerability in Silverstripe
SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter.
network
low complexity
silverstripe CWE-89
7.5