Contao · Contao · CVE-2019-11512
**Name of the Vulnerable Software and Affected Versions**
Contao versions prior to 4.4.39
Contao versions prior to 4.7.5
**Description**
The issue allows SQL injection. A penetration tester discovered that the SQL injection vulnerability can still be exploited in the file manager in Contao 4.
**Recommendations**
For Contao versions prior to 4.4.39, update to Contao 4.4.39 or later.
For Contao versions prior to 4.7.5, update to Contao 4.7.5 or later.