Description
SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Symposium Cross-Site Scripting (13.02)
WordPress Plugin Frontier Post Security Bypass (1.3.2)
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21025)
PHP NULL Pointer Dereference Vulnerability (CVE-2018-19935)
WordPress Plugin LearnPress-WordPress LMS Arbitrary File Write (3.2.2)