Description

Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.

Remediation

References

CVE-2017-16558

Related Vulnerabilities

MongoDb Insufficiently Protected Credentials Vulnerability (CVE-2021-32039)

WordPress Plugin JW Player for Flash & HTML5 Video Cross-Site Request Forgery (2.1.11)

Oracle Database Server CVE-2009-3412 Vulnerability (CVE-2009-3412)

WordPress Plugin JS Support Ticket Unspecified Vulnerability (1.1.1)

WordPress Plugin AppPresser-Mobile App Framework Security Bypass (4.3.0)

Severity

Critical

Classification

CVE-2017-16558 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities