CVE-2019-11512: Contao SQL injection in the file manager
David Wind, penetration tester with A1 Digital, has discovered that the SQL injection vulnerability originally published under CVE-2017-16558 can still be exploited in the file manager in Contao 4.
References
- contao.org/en/news/security-vulnerability-cve-2019-11512.html
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-11512.yaml
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-11512.yaml
- github.com/advisories/GHSA-vq59-x6mq-4wgw
- github.com/contao/contao/commit/87d92f823b08b91a0aeb522284537c8afcdb8aba
- nvd.nist.gov/vuln/detail/CVE-2019-11512
Detect and mitigate CVE-2019-11512 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.