GMS-2022-17: Possible SQL injection in tablelookupwizard Contao Extension
Impact
The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility.
Patches
The issue has been patched in tablelookupwizard
For more information
If you have any questions or comments about this advisory:
- Open an issue in https://github.com/terminal42/contao-tablelookupwizard
- Email us at info@terminal42.ch
References
Detect and mitigate GMS-2022-17 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →