Critical severityOSV Advisory· Published Apr 25, 2019· Updated Aug 5, 2024
CVE-2017-16558
CVE-2017-16558
Description
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
contao/contaoPackagist | >= 3.0.0, <= 3.5.30 | — |
contao/contaoPackagist | >= 4.0.0, < 4.4.8 | 4.4.8 |
contao/core-bundlePackagist | >= 4.0.0, < 4.4.8 | 4.4.8 |
contao/listing-bundlePackagist | >= 4.0.0, < 4.4.8 | 4.4.8 |
contao/core-bundlePackagist | >= 3.0.0, <= 3.5.30 | — |
contao/listing-bundlePackagist | >= 3.0.0, <= 3.5.30 | — |
Affected products
4- ghsa-coords3 versions
>= 3.0.0, <= 3.5.30+ 2 more
- (no CPE)range: >= 3.0.0, <= 3.5.30
- (no CPE)range: >= 4.0.0, < 4.4.8
- (no CPE)range: >= 4.0.0, < 4.4.8
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-w38g-hj45-mjjpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-16558ghsaADVISORY
- contao.org/de/changelog/versions/4.4.htmlghsax_refsource_CONFIRMWEB
- contao.org/en/news/contao-4_4_8.htmlghsax_refsource_CONFIRMWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yamlghsaWEB
- github.com/contao/contao/blob/4.4.57/CHANGELOG.mdghsaWEB
- github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3eghsaWEB
- github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544ghsaWEB
News mentions
0No linked articles in our index yet.