CVE-2017-16558
CRITICAL 9.8
EPSS 0.29%
Contao SQL injection in the backend and listing module
Published: 5/24/2022
Modified: 4/25/2024
Description
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contain an SQL injection vulnerability in the backend as well as in the listing module.
Affected packages (3)
- Packagist/contao/contao: >= 3.0.0, <= 3.5.30
- Packagist/contao/core-bundle: >= 4.0.0, < 4.4.8
- Packagist/contao/listing-bundle: >= 4.0.0, < 4.4.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (9)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2017-16558
- WEB: https://contao.org/de/changelog/versions/4.4.html
- WEB: https://contao.org/en/news/contao-4_4_8.html
- WEB: https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15
- WEB: https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e
- WEB: https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml