{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40907?format=json","vulnerability_id":"VCID-1mmc-91gk-r3d3","summary":"SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.","aliases":[{"alias":"CVE-2019-5715"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57785?format=json","purl":"pkg:composer/silverstripe/framework@3.6.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/57786?format=json","purl":"pkg:composer/silverstripe/framework@3.7.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/57787?format=json","purl":"pkg:composer/silverstripe/framework@4.0.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/57788?format=json","purl":"pkg:composer/silverstripe/framework@4.1.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/57789?format=json","purl":"pkg:composer/silverstripe/framework@4.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/57790?format=json","purl":"pkg:composer/silverstripe/framework@4.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52215?format=json","purl":"pkg:composer/silverstripe/framework@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-3snr-vtda-jqdj"},{"vulnerability":"VCID-78b6-1v3w-qfc3"},{"vulnerability":"VCID-8xwp-xd3k-fqaz"},{"vulnerability":"VCID-nu3h-nb1g-67bs"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-uyxp-7fh1-77cg"},{"vulnerability":"VCID-wmfv-vtnz-bkad"},{"vulnerability":"VCID-yfuu-th6b-nba4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/57781?format=json","purl":"pkg:composer/silverstripe/framework@3.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/54914?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-qdwg-f2bx-1bay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/57782?format=json","purl":"pkg:composer/silverstripe/framework@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/57783?format=json","purl":"pkg:composer/silverstripe/framework@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/57784?format=json","purl":"pkg:composer/silverstripe/framework@4.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mmc-91gk-r3d3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.0"}],"references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-021","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-021"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":89,"name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","description":"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3"}