Skip to main content

Framework CVE-2022-38148

HIGH
SQL Injection (CWE-89)
2022-11-21 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 21, 2022 - 16:15 nvd
HIGH 8.8

DescriptionNVD

Silverstripe silverstripe/framework through 4.11 allows SQL Injection.

AnalysisAI

Silverstripe silverstripe/framework through 4.11 allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Silverstripe silverstripe/framework through 4.11 allows SQL Injection. Affected products include: Silverstripe Framework. Version information: through 4.11.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2020-7991 HIGH POC
8.8 Jan 26

Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. Rated high severity (CVSS 8.8), this v

CVE-2022-4413 MEDIUM POC
6.1 Dec 12

Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13. Rated medium severity

CVE-2021-43808 MEDIUM POC
6.1 Dec 08

Laravel is a web application framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no

CVE-2020-7990 MEDIUM POC
6.1 Jan 26

Adive Framework 2.0.8 has admin/user/add userName XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely

CVE-2020-7989 MEDIUM POC
6.1 Jan 26

Adive Framework 2.0.8 has admin/user/add userUsername XSS. Rated medium severity (CVSS 6.1), this vulnerability is remot

CVE-2021-43617 CRITICAL POC
9.8 Nov 14

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Val

CVE-2022-38724 MEDIUM POC
5.4 Nov 23

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin thr

CVE-2024-52301 HIGH
8.7 Nov 12

Laravel is a web application framework. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no a

CVE-2024-4337 HIGH
7.4 Apr 30

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripti

CVE-2024-4336 HIGH
7.4 Apr 30

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripti

CVE-2025-27515 MEDIUM
6.9 Mar 05

Laravel is a web application framework. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no

CVE-2023-22729 MEDIUM
6.1 Apr 26

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Ra

Share

CVE-2022-38148 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy