Description

Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.

Remediation

References

CVE-2017-16558

Related Vulnerabilities

WordPress Plugin JiangQie Official Website Mini Program SQL Injection (1.1.0)

WordPress Plugin LiveGrounds 'uid' Parameter Cross-Site Scripting (0.42)

MongoDb Other Vulnerability (CVE-2018-20802)

Moodle Insertion of Sensitive Information into Log File Vulnerability (CVE-2012-1156)

WordPress Plugin Wechat Reward Cross-Site Request Forgery (1.7)

Severity

Critical

Classification

CVE-2017-16558 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities