HTTP Request Smuggling Affecting silverstripe/framework package, versions >=3.0.0, <3.0.14>=3.1.0, <3.1.13
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PHP-SILVERSTRIPEFRAMEWORK-17400373
- published22 Jun 2026
- disclosed19 Jun 2026
- creditEd Chipman
Introduced: 19 Jun 2026
New CVE NOT AVAILABLE CWE-184 (opens in a new tab)How to fix?
Upgrade silverstripe/framework to version 3.0.14, 3.1.13 or higher.
Overview
silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS.
Affected versions of this package are vulnerable to HTTP Request Smuggling via interaction between SQLQuery and the default FulltextSearch functionality. An attacker can supply specially crafted search terms containing " as " that cause SQLQuery to incorrectly rewrite generated SQL statements due to flawed legacy compatibility handling. This results in malformed queries and may cause application errors or denial of service, but does not allow the generation of valid attacker-controlled SQL.