CVE-2012-4383: Contao core SQL Injection Vulnerability

April 23, 2022 (updated April 25, 2024)

Contao core prior to 2.11.4 has a SQL injection vulnerability in contao-2.11.3\system\modules\backend\Ajax.php

References

github.com/advisories/GHSA-9jq2-jvwc-p52f
github.com/contao/core
github.com/contao/core/commit/2bf4fc380e19895127cbeaba62bff951a3b8e5cb
github.com/contao/core/issues/4427
nvd.nist.gov/vuln/detail/CVE-2012-4383

Detect and mitigate CVE-2012-4383 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →