GHSA-w38g-hj45-mjjp

Source

https://github.com/advisories/GHSA-w38g-hj45-mjjp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w38g-hj45-mjjp/GHSA-w38g-hj45-mjjp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w38g-hj45-mjjp

Aliases

CVE-2017-16558

Published

2022-05-24T16:44:36Z

Modified

2024-04-25T23:28:37.961403Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Contao SQL injection in the backend and listing module

Details

Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the backend as well as in the listing module.

Database specific

{
    "github_reviewed": true,
    "severity": "CRITICAL",
    "nvd_published_at": "2019-04-25T17:29:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "github_reviewed_at": "2024-04-25T23:08:50Z"
}

References

Affected packages

Packagist

contao/contao

Package

Name: contao/contao
Purl: pkg:composer/contao/contao

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Last affected

3.5.30

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w38g-hj45-mjjp/GHSA-w38g-hj45-mjjp.json"

contao/contao

Package

Name: contao/contao
Purl: pkg:composer/contao/contao

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.4.8

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w38g-hj45-mjjp/GHSA-w38g-hj45-mjjp.json"

contao/core-bundle

Package

Name: contao/core-bundle
Purl: pkg:composer/contao/core-bundle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.4.8

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.1.0-beta1

4.1.0-RC1

4.1.0

4.1.1

4.1.2

4.1.3

4.2.0-beta1

4.2.0-RC1

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.3.0-RC1

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

4.3.11

4.4.0-beta1

4.4.0-RC1

4.4.0-RC2

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w38g-hj45-mjjp/GHSA-w38g-hj45-mjjp.json"

contao/listing-bundle

Package

Name: contao/listing-bundle
Purl: pkg:composer/contao/listing-bundle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.4.8

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.1.0-beta1

4.1.0-RC1

4.1.0

4.1.1

4.1.2

4.1.3

4.2.0-beta1

4.2.0-RC1

4.2.0

4.2.1

4.2.2

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

4.3.11

4.4.0-beta1

4.4.0-RC1

4.4.0-RC2

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w38g-hj45-mjjp/GHSA-w38g-hj45-mjjp.json"

contao/core-bundle

Package

Name: contao/core-bundle
Purl: pkg:composer/contao/core-bundle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Last affected

3.5.30

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w38g-hj45-mjjp/GHSA-w38g-hj45-mjjp.json"

contao/listing-bundle

Package

Name: contao/listing-bundle
Purl: pkg:composer/contao/listing-bundle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Last affected

3.5.30

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w38g-hj45-mjjp/GHSA-w38g-hj45-mjjp.json"