CVE-2017-16558 — SQL Injection in Contao

Severity

9.8CRITICALNVD

EPSS

0.3%

top 47.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 25

Latest updateMay 24

Description

Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

▶Packagistcontao/listing-bundle4.0.0 — 4.4.8+1

▶Packagistcontao/contao4.1.0 — 4.4.39+3

▶Packagistcontao/core-bundle4.1.0 — 4.4.39+3

▶NVDcontao/contao_cms3.0.0 — 3.5.30+1

OSV

Contao SQL injection in the file manager↗2022-05-24

▶

OSV

Contao SQL injection in the backend and listing module↗2022-05-24

▶

GHSA

Contao SQL injection in the file manager↗2022-05-24

▶

GHSA

Contao SQL injection in the backend and listing module↗2022-05-24

▶

CVEList

CVE-2017-16558: Contao 3↗2019-04-25

▶