GitHub Advisory Database: GHSA-7FPJ-WC8V-9CGC
May 30, 2024 - 1:12 p.m.

terminal42/contao-tablelookupwizard possible SQL injection in widget field value

2024-05-30 13:12:13
CWE-89
GitHub Advisory Database (github.com)
sql injection, contao-tablelookupwizard, database, patch, advisory, software

AI Score: 8 High
Confidence: High

Impact

The currently selected widget values were not correctly sanitized before being passed to the database, leading to a possible SQL injection.

Patches

The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0.

For more information

If you have any questions or comments about this advisory:

Affected configurations

Vulners
Node
terminal42 contao-tablelookupwizard Range 1.0.0
OR
terminal42 contao-tablelookupwizard Range <3.3.5
