Insufficient input validation allows for code injection and remote execution

PKSA-r8p4-983n-brfy

Affected package: contao/core

Affected version: >=2.0.0,<2.11.17|>=3.0.0,<3.2.9

Reported by:
FriendsOfPHP/security-advisories