GMS-2022-17: Possible SQL injection in tablelookupwizard Contao Extension

February 10, 2022

Impact

The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility.

Patches

The issue has been patched in tablelookupwizard

For more information

If you have any questions or comments about this advisory:

Open an issue in https://github.com/terminal42/contao-tablelookupwizard
Email us at info@terminal42.ch

References

github.com/advisories/GHSA-v3mr-gp7j-pw5w
github.com/terminal42/contao-tablelookupwizard/commit/a5e723a28f110b7df8ffc4175cef9b061d3cc717
github.com/terminal42/contao-tablelookupwizard/security/advisories/GHSA-v3mr-gp7j-pw5w

Code Behaviors & Features

Detect and mitigate GMS-2022-17 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →