GHSA-w38g-hj45-mjjp

Source

https://github.com/advisories/GHSA-w38g-hj45-mjjp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w38g-hj45-mjjp/GHSA-w38g-hj45-mjjp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w38g-hj45-mjjp

Aliases

CVE-2017-16558

Published

2022-05-24T16:44:36Z

Modified

2024-04-25T23:28:37.961403Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Contao SQL injection in the backend and listing module

Details

Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the backend as well as in the listing module.

Database specific

{
    "nvd_published_at": "2019-04-25T17:29:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T23:08:50Z"
}

References

Affected packages

Packagist / contao/contao

Package

Name: contao/contao
Purl: pkg:composer/contao/contao

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Last affected

3.5.30

Packagist / contao/contao

Package

Name: contao/contao
Purl: pkg:composer/contao/contao

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.4.8

Packagist / contao/core-bundle

Package

Name: contao/core-bundle
Purl: pkg:composer/contao/core-bundle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.4.8

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.1.0-beta1

4.1.0-RC1

4.1.0

4.1.1

4.1.2

4.1.3

4.2.0-beta1

4.2.0-RC1

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.3.0-RC1

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

4.3.11

4.4.0-beta1

4.4.0-RC1

4.4.0-RC2

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

Packagist / contao/listing-bundle

Package

Name: contao/listing-bundle
Purl: pkg:composer/contao/listing-bundle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.4.8

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.1.0-beta1

4.1.0-RC1

4.1.0

4.1.1

4.1.2

4.1.3

4.2.0-beta1

4.2.0-RC1

4.2.0

4.2.1

4.2.2

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

4.3.11

4.4.0-beta1

4.4.0-RC1

4.4.0-RC2

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

Packagist / contao/core-bundle

Package

Name: contao/core-bundle
Purl: pkg:composer/contao/core-bundle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Last affected

3.5.30

Packagist / contao/listing-bundle

Package

Name: contao/listing-bundle
Purl: pkg:composer/contao/listing-bundle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Last affected

3.5.30