First published: Wed Jan 29 2020
Contao core prior to 2.11.4 has a SQL injection vulnerability in `contao-2.11.3\system\modules\backend\Ajax.php`.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Contao Contao | <2.11.4 | |
composer/contao/core | <2.11.4 | 2.11.4 |
The vulnerability ID is CVE-2012-4383.
The severity of CVE-2012-4383 is high with a CVSS score of 8.8.
The affected software is Contao prior to version 2.11.4.
CVE-2012-4383 allows an attacker to execute SQL injection attacks on Contao prior to version 2.11.4.
To mitigate CVE-2012-4383, you should update Contao to version 2.11.4 or later.