CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-12149
https://notcve.org/view.php?id=CVE-2019-12149
SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands. Vulnerabilidad en la inyección del SQL en el módulo silverstripe/restfulserver 1.0.x anterior1.0.9, 2.0.x anterior 2.0.4, and 2.1.x anterior 2.1.2 and silverstripe/registry module 2.1.x anterior 2.1.1 and 2.2.x anterior2.2.1 permite a los atacantes to ejecutar comandos SQL arbitrarios • https://www.silverstripe.org/download/security-releases/cve-2019-12149 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •