CVE-2017-16558
- Source
- https://cve.org/CVERecord?id=CVE-2017-16558
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16558.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-16558
- Aliases
- Published
- 2019-04-25T17:29:00.220Z
- Modified
- 2025-12-06T06:47:09.790640Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
- References
Affected packages
Git / github.com/contao/contao
Git / github.com/contao/core
Affected versions
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.RC1
3.1.beta1
3.2.0
3.2.1
3.2.10
3.2.11
3.2.12
3.2.13
3.2.15
3.2.16
3.2.17
3.2.18
3.2.19
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.2.RC1
3.2.beta1
3.2.beta2
3.3.0
3.3.0-RC1
3.3.0-RC2
3.3.0-beta1
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.RC1
3.3.RC2
3.3.beta1
3.4.0
3.4.0-RC1
3.4.0-beta1
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.5.0
3.5.0-RC1
3.5.0-beta1
3.5.1
3.5.10
3.5.11
3.5.12
3.5.13
3.5.14
3.5.15
3.5.16
3.5.17
3.5.18
3.5.19
3.5.2
3.5.20
3.5.21
3.5.22
3.5.23
3.5.24
3.5.25
3.5.26
3.5.27
3.5.28
3.5.29
3.5.3
3.5.30
3.5.4
3.5.5
3.5.6
3.5.7
3.5.8
3.5.9