Severity: Critical
CVSS Score: 9.8
### Impact The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility. ### Patches The issue has been patched in `tablelookupwizard` version 3.3.5 and version 4.0.0. ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/terminal42/contao-tablelookupwizard * Email us at [info@terminal42.ch](mailto:info@terminal42.ch)