PT-2025-48077

Name of the Vulnerable Software and Affected Versions Contao versions 4.0.0 through 4.13.56 Contao versions 5.3.0 through 5.3.41 Contao versions 5.6.0 through 5.6.4 Description Backend users with control over template closures can execute arbitrary PHP functions without required parameters. The...

EUVD-2022-2437

Malicious code in bioql PyPI...

Contao 安全漏洞

Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from the possibility of...

CVE-2021-37626

Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...

GHSA-4P75-5P53-65M9 Contao affected by directory traversal in the file selector widget

Impact Back end users can list files outside their file mounts or the document root in the FileSelector widget. Patches Update to Contao 4.13.49. Workarounds None. References https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget For more information If you have...

Contao 跨站脚本漏洞

Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management, and CSS frameworks. Contao suffers from a cross-site scripting vulnerability that originates from the possibility of an untrusted back-end user injecting malicious co...

CVE-2021-37626

Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...

Code injection

Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...

Code injection

Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form generator. All users...

CVE-2021-37626 PHP file inclusion via insert tags

Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...

Privilege escalation with the form generator

Date : 2021-08-11 CVE ID : CVE-2021-37627 Description It is possible for untrusted users to gain administrator rights with the form generator. Installations are only affected if there are untrusted back end users with access to the form generator. Affected versions Contao 4.0 Contao 4.1 Contao 4....

PHP file inclusion via insert tags

Date : 2021-08-11 CVE ID : CVE-2021-37626 Description It is possible for untrusted users to load arbitrary PHP files via insert tags. Installations are only affected if there are untrusted back end users. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 up to 4.4.55 Contao...

CVE-2019-19712

Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them...

Information disclosure in the back end

Date : 2019-12-17 CVE ID : CVE-2019-19712 Description Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 up to 4.4.45 Contao 4.5 Contao 4.6 Contao 4.7 Contao 4....