Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-WJX8-CGRM-HH8P
HistoryDec 17, 2019 - 10:53 p.m.

Unrestricted file uploads in Contao

2019-12-1722:53:10
Google
osv.dev
8

EPSS

0.001

Percentile

41.4%

JSON

Impact

A back end user with access to the form generator can upload arbitrary files and execute them on the server.

Patches

Update to Contao 4.4.46 or 4.8.6.

Workarounds

Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory.

References

https://contao.org/en/security-advisories/unrestricted-file-uploads

For more information

If you have any questions or comments about this advisory, open an issue in contao/contao.

Related

friendsofphp 2
veracode 1
osv 1
contao 1
github 1
cvelist 1
prion 1
cve 1
nvd 1
friendsofphp
friendsofphp
Unrestricted file uploads
1970-01-01 00:00:00
Unrestricted file uploads
1970-01-01 00:00:00
veracode
veracode
Unrestricted File Uploads
2019-12-18 09:41:17
osv
osv
CVE-2019-19745
2019-12-17 15:15:25
contao
contao
Unrestricted file uploads
2019-12-17 00:00:00
github
github
Unrestricted file uploads in Contao
2019-12-17 22:53:10
cvelist
cvelist
CVE-2019-19745
2019-12-17 14:17:35
prion
prion
Design/Logic Flaw
2019-12-17 15:15:00
cve
cve
CVE-2019-19745
2019-12-17 15:15:25
nvd
nvd
CVE-2019-19745
2019-12-17 15:15:25

EPSS

0.001

Percentile

41.4%

JSON
Related for OSV:GHSA-WJX8-CGRM-HH8P
friendsofphp2veracode1osv1contao1github1cvelist1prion1cve1nvd1