WEB APPLICATION VULNERABILITIES Standard & Premium

Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11512)

Description

Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5.

Remediation

References

Related Vulnerabilities

WordPress Plugin Tera Charts Multiple Local File Inclusion Vulnerabilities (0.1)

WordPress Plugin Media Library Assistant Multiple Cross-Site Scripting Vulnerabilities (2.73)

Ext JS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-8046)

WordPress Plugin Warranties and Returns for WooCommerce Security Bypass (5.2.1)

WordPress Plugin Sign-up Sheets Cross-Site Scripting (1.0.13)

Severity

Critical

Classification

CVE-2019-11512 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities