CVE-2017-16558: Contao SQL injection in the backend and listing module
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contain an SQL injection vulnerability in the backend as well as in the listing module.
References
- contao.org/de/changelog/versions/4.4.html
- contao.org/en/news/contao-4_4_8.html
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml
- github.com/advisories/GHSA-w38g-hj45-mjjp
- github.com/contao/contao/blob/4.4.57/CHANGELOG.md
- github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e
- github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544
- nvd.nist.gov/vuln/detail/CVE-2017-16558