terminal42/contao-tablelookupwizard possible SQL injection in widget field value
The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility.
Advisories for Composer/Terminal42/Contao-Tablelookupwizard package
2024
2022
Possible SQL injection in tablelookupwizard Contao Extension
Impact The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility. Patches The issue has been patched in tablelookupwizard For more information If you have any questions or comments about this advisory: Open an issue in https://github.com/terminal42/contao-tablelookupwizard Email us at info@terminal42.ch