SQL injection in the newsletter module
Date : 2018-01-18 CVE ID : CVE-2018-5478 Description The vulnerability is in the "unsubscribe" module of the newsletter extension. It can easily be exploited by anyone without logging in in the front end. Affected versions Contao 3. up to 3.5.31 Suggested solution Update to Contao 3.5.32...