CVE-2017-16558: SQL injection vulnerability

April 25, 2019 (updated April 26, 2019)

Both the search filter in the back end and the “listing” module in the front end are vulnerable to SQL injection. To exploit the vulnerability in the back end, a back end user has to be logged in, whereas the front end vulnerability can be exploited by anyone.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558
contao.org/en/news/contao-4_4_8.html

Code Behaviors & Features

Detect and mitigate CVE-2017-16558 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →