
CVE-2022-38148:
Blind SQL Injection via GridFieldSortableHeader

CVSS Score: 8.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.39586%
Published: 11/22/2022
Updated: 1/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Package Name           | Ecosystem | Vulnerable Versions    | First Patched Version |
|------------------------|-----------|------------------------|-----------------------|
| silverstripe/framework | composer  | >= 4.0.0, < 4.10.11    | 4.10.11               |
| silverstripe/framework | composer  | >= 4.11.0, < 4.11.14   | 4.11.14               |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability centers on improper handling of GridField state parameters in sorting operations. GridFieldSortableHeader processes user-controlled sort parameters that flow into SQL ORDER BY clauses, and DataList::sort(), a core ORM method, would execute these parameters. Without proper whitelisting or escaping of the column names and directions carried in state parameters, attackers can inject SQL through crafted sort values. Confidence is high because: 1) the advisory explicitly names GridFieldSortableHeader; 2) the SQL injection pattern matches the ORM sort() method's behaviour; 3) GridField state is the documented attack vector.
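The check a defender wants in front of any ORDER BY assembled from request state, shown as an added example in plain PHP; it is not Silverstripe's own code, and the function names, the state keys and the column list are assumptions made for illustration:

```php
<?php
// Added example, not Silverstripe's code. Hypothetical helpers showing why
// sort parameters taken from GridField-style state must be allowlisted
// before they reach an ORDER BY clause.

// Naive builder: trusts whatever column and direction the state carries.
// This is the shape of the defect described above, not the real class.
function naiveOrderBy(array $state): string
{
    return sprintf('ORDER BY "%s" %s', $state['SortColumn'], $state['SortDirection']);
}

// Hardened builder: the column must be one the model actually exposes and
// the direction must be exactly ASC or DESC. Anything else is rejected
// outright rather than escaped and passed through.
function safeOrderBy(array $state, array $allowedColumns): string
{
    $column    = (string) ($state['SortColumn'] ?? '');
    $direction = strtoupper((string) ($state['SortDirection'] ?? 'ASC'));
    if (!in_array($column, $allowedColumns, true)) {
        throw new InvalidArgumentException('Unknown sort column: ' . $column);
    }
    if ($direction !== 'ASC' && $direction !== 'DESC') {
        throw new InvalidArgumentException('Invalid sort direction: ' . $direction);
    }
    return sprintf('ORDER BY "%s" %s', $column, $direction);
}

// Constructed request state (hypothetical column names): one legitimate
// sort and one whose column value is not a real column at all.
$allowed = ['Title', 'Created', 'LastEdited'];
$good    = ['SortColumn' => 'Created', 'SortDirection' => 'desc'];
$bad     = ['SortColumn' => 'Title"',  'SortDirection' => 'DESC'];

echo safeOrderBy($good, $allowed), PHP_EOL;   // ORDER BY "Created" DESC
echo naiveOrderBy($bad), PHP_EOL;             // emits the raw value verbatim
try {
    safeOrderBy($bad, $allowed);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The allowlist should be derived from the model's real fields, and the rejection should be logged, since an unknown sort column arriving in GridField state is a useful detection signal.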


WAF Protection Rules

WAF Rule

GridField state is vulnerable to SQL injections. The vast majority of GridFields in Silverstripe CMS are affected by this vulnerability. An attacker with CMS access could execute an arbitrary SQL statement by adding an SQL payload in some parts of t
