Description
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Career Openings Cross-Site Scripting (0.4)
WordPress Plugin Greenshift-animation and page builder blocks Cross-Site Scripting (4.8.8)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2011-0441)
ASP.NET MVC Improper Input Validation Vulnerability (CVE-2017-0247)