Description

SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter.

Remediation

References

CVE-2009-1433

Related Vulnerabilities

WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes Security Bypass (4.21.1)

MySQL CVE-2021-2016 Vulnerability (CVE-2021-2016)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery SQL Injection (1.3.50)

WordPress Plugin Appointments PHP Object Injection (2.2.1)

PHP Other Vulnerability (CVE-2007-1375)

Severity

High

Classification

CVE-2009-1433 CWE-138

Tags

Missing Update Known Vulnerabilities