CVE-2015-10077: 
PHP vulnerability analysis and mitigation

A critical SQL injection vulnerability was discovered in webbuilders-group silverstripe-kapost-bridge version 0.3.3. The vulnerability affects the index/getPreview function in the file code/control/KapostService.php. This security issue was assigned CVE-2015-10077 and was publicly disclosed on February 10, 2023 (NVD).

The vulnerability exists in the function index/getPreview of the file code/control/KapostService.php where improper input validation could lead to SQL injection. The vulnerability received a CVSS v3.1 base score of 9.8 (CRITICAL) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating it can be exploited remotely without authentication (NVD).

A successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands, potentially leading to unauthorized access, data manipulation, or exposure of sensitive information in the database (NVD).

The vulnerability has been fixed in version 0.4.0 of silverstripe-kapost-bridge. Users are strongly recommended to upgrade to this version. The fix involves changing the input sanitization from Convert::raw2xml to Convert::raw2sql for better SQL injection protection (GitHub Patch).