GHSA-7FPJ-WC8V-9CGC
Vulnerability from github – Published: 2024-05-30 13:12 – Updated: 2026-01-23 22:53
VLAI?
Summary
Duplicate Advisory: terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Details
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-v3mr-gp7j-pw5w. This link is maintained to preserve external references.
Original Description
Impact
The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility.
Patches
The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0.
For more information
If you have any questions or comments about this advisory:
- Open an issue in https://github.com/terminal42/contao-tablelookupwizard
- Email us at info@terminal42.ch
Severity ?
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "terminal42/contao-tablelookupwizard"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "3.3.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-30T13:12:13Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-v3mr-gp7j-pw5w. This link is maintained to preserve external references.\n\n## Original Description\n## Impact\nThe currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility.\n\n## Patches\nThe issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0.\n\n## For more information\nIf you have any questions or comments about this advisory:\n\n- Open an issue in https://github.com/terminal42/contao-tablelookupwizard\n- Email us at info@terminal42.ch",
"id": "GHSA-7fpj-wc8v-9cgc",
"modified": "2026-01-23T22:53:11Z",
"published": "2024-05-30T13:12:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/terminal42/contao-tablelookupwizard/security/advisories/GHSA-v3mr-gp7j-pw5w"
},
{
"type": "WEB",
"url": "https://github.com/terminal42/contao-tablelookupwizard/commit/a5e723a28f110b7df8ffc4175cef9b061d3cc717"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/terminal42/contao-tablelookupwizard/2022-02-04-1.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/terminal42/contao-tablelookupwizard"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: terminal42/contao-tablelookupwizard possible SQL injection in widget field value",
"withdrawn": "2026-01-23T22:53:11Z"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…