GHSA-7fpj-wc8v-9cgc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7fpj-wc8v-9cgc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-7fpj-wc8v-9cgc/GHSA-7fpj-wc8v-9cgc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7fpj-wc8v-9cgc
- Published
- 2024-05-30T13:12:13Z
- Modified
- 2024-12-05T05:43:42.900830Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- terminal42/contao-tablelookupwizard possible SQL injection in widget field value
- Details
-
Impact
The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility.
Patches
The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0.
For more information
If you have any questions or comments about this advisory:
- Open an issue in https://github.com/terminal42/contao-tablelookupwizard
- Email us at info@terminal42.ch
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-89" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-05-30T13:12:13Z" }- References
-
- https://github.com/terminal42/contao-tablelookupwizard/security/advisories/GHSA-v3mr-gp7j-pw5w
- https://github.com/terminal42/contao-tablelookupwizard/commit/a5e723a28f110b7df8ffc4175cef9b061d3cc717
- https://github.com/FriendsOfPHP/security-advisories/blob/master/terminal42/contao-tablelookupwizard/2022-02-04-1.yaml
- https://github.com/terminal42/contao-tablelookupwizard
Affected packages
Packagist / terminal42/contao-tablelookupwizard
Package
- Name
- terminal42/contao-tablelookupwizard
- Purl
- pkg:composer/terminal42/contao-tablelookupwizard