contao/core is vulnerable to SQL Injection attacks. The library does not properly sanitize the search filter in the backend, allowing a malicious user to inject and execute arbitrary SQL commands.
CPE | Name | Operator | Version |
---|---|---|---|
contao/core | le | 3.5.30 | |
contao/contao | le | 4.4.7 |