Description

Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.

Remediation

References

CVE-2017-16558

Related Vulnerabilities

WordPress Plugin MasterStudy LMS-for Online Courses and Education Security Bypass (3.2.13)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-20151)

MongoDb Improper Input Validation Vulnerability (CVE-2019-2389)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2165)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6212)

Severity

Critical

Classification

CVE-2017-16558 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities