CVE-2019-11512

Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5.
Source: NIST
CVE-2019-11512