osv / Google / OSV:CVE-2021-37626
History: Aug 11, 2021 - 11:15 p.m.

CVE-2021-37626

2021-08-11 23:15:07
Google
osv.dev
contao cms
php files
insert tags
back end users
security vulnerability
update
disable login

AI Score: 6.9 (Confidence: High)

EPSS: 0.001 (Percentile: 38.8%)

Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify fields that are shown in the front end. Update to Contao 4.4.56, 4.9.18 or 4.11.7 to resolve. If you cannot update then disable the login for untrusted back end users.
