CVE-2017-16558 – contao/core-bundle
Package
Manager: composer
Name: contao/core-bundle
Vulnerable Version: >=4.0.0 <4.4.8 || >=3.0.0 <=3.5.30
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00288 (percentile: 0.51827)
Details
Contao SQL injection in the backend and listing module
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the backend as well as in the listing module.
Metadata
Created: 2022-05-24T16:44:36Z
Modified: 2024-04-25T23:08:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w38g-hj45-mjjp/GHSA-w38g-hj45-mjjp.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-w38g-hj45-mjjp
Finding: F297
Auto approve: 1