CVE-2015-10077 MEDIUM

CVE-2015-10077: webbuilders-group silverstripe-kapost-bridge KapostService.php getPreview sql injection

Vendor Webbuilders-Group
Product silverstripe-kapost-bridge
Weakness CWE-89 · SQLi
Published February 10, 2023
Last update August 6, 2024
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The patch is named 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471.

Key dates

02Disclosure timeline

February 10, 2023 CVE published
August 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-33468 Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings CVE-2023-37372 CVE-2025-8922 code-projects Job Diary admin-inbox.php sql injection CVE-2023-50844 WordPress WP Mail Catcher Plugin <= 2.1.3 is vulnerable to SQL Injection CVE-2023-26020 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Crafter Studio