CVE-2017-16558
CRITICAL 9.8 | EPSS 0.29%
Contao SQL injection in the backend and listing module
Published: 2022/5/24 | Modified: 2024/4/25
Description
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the backend as well as in the listing module.
Affected packages (3)
- Packagist/contao/contao: >= 3.0.0, <= 3.5.30
- Packagist/contao/core-bundle: >= 4.0.0, < 4.4.8
- Packagist/contao/listing-bundle: >= 4.0.0, < 4.4.8
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Reference links (9)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2017-16558
- WEB: https://contao.org/de/changelog/versions/4.4.html
- WEB: https://contao.org/en/news/contao-4_4_8.html
- WEB: https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15
- WEB: https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e
- WEB: https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml