Lucene search
GoogleOSV:GHSA-VQ59-X6MQ-4WGWHistoryMay 24, 2022 - 4:49 p.m.
Contao SQL injection in the file manager
2022-05-2416:49:47
Google
osv.dev
2
David Wind, penetration tester with A1 Digital, has discovered that the SQL injection vulnerability originally published under CVE-2017-16558 can still be exploited in the file manager in Contao 4.
References
contao.org/en/news/security-vulnerability-cve-2019-11512.html
github.com/contao/contao/commit/87d92f823b08b91a0aeb522284537c8afcdb8aba
github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-11512.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-11512.yaml
nvd.nist.gov/vuln/detail/CVE-2019-11512
Related
contao
contao
SQL injection in the file manager
2019-04-30 00:00:00
SQL injection in the back end search filter and the listing module
2017-11-15 00:00:00
github
github
Contao SQL injection in the file manager
2022-05-24 16:49:47
Contao SQL injection in the backend and listing module
2022-05-24 16:44:36
nvd
nvd
CVE-2019-11512
2019-07-09 21:15:10
CVE-2017-16558
2019-04-25 17:29:00
friendsofphp
friendsofphp
SQL injection vulnerabililty in the file manager search filter
1970-01-01 00:00:00
SQL injection vulnerabililty in the back end search filter
2017-11-15 08:51:00
SQL injection vulnerabililty in the front end listing module
2017-11-15 08:53:00
veracode
veracode
SQL Injection
2017-11-17 03:48:54
SQL Injection
2019-11-20 04:18:55
cvelist
cvelist
CVE-2017-16558
2019-04-25 16:36:49
CVE-2019-11512
2019-07-09 20:33:49
cve
cve
CVE-2019-11512
2019-07-09 21:15:10
CVE-2017-16558
2019-04-25 17:29:00
osv
osv
CVE-2019-11512
2019-07-09 21:15:10
CVE-2017-16558
2019-04-25 17:29:00
Contao SQL injection in the backend and listing module
2022-05-24 16:44:36
prion
prion
Sql injection
2019-04-25 17:29:00
Sql injection
2019-07-09 21:15:00