Lucene search
K

516 matches found

Cvelist
Cvelist
added 2025/08/28 4:32 p.m.8 views

CVE-2025-57758 Contao has improper access control in the back end voters

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying...

4.3CVSS0.00225EPSS
Exploits0References3
OSV
OSV
added 2025/08/28 4:32 p.m.6 views

CVE-2025-57758 Contao has improper access control in the back end voters

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying...

4.3CVSS6.4AI score0.00225EPSS
Exploits0References5
CVE
CVE
added 2025/08/28 4:32 p.m.17 views

CVE-2025-57758

Contao CMS vulnerability CVE-2025-57758 affects Contao Core (versions from 5.0.0 up to, but not including, 5.3.38 and 5.6.1). The back-end table access voter fails to verify whether a user is allowed to access the target module, enabling improper access control. Patches are implemented in Contao ...

4.3CVSS6.1AI score0.00225EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/08/28 4:32 p.m.9 views

CVE-2025-57757 Contao discloses information in the news module

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...

5.3CVSS0.00281EPSS
Exploits0References3
CVE
CVE
added 2025/08/28 4:32 p.m.22 views

CVE-2025-57757

Contao CMS vulnerability CVE-2025-57757: In Contao versions prior to 5.3.38 and 5.6.1, protected news archives in the news feed are not filtered, causing confidential items to appear in the RSS feed. This is patched in 5.3.38 and 5.6.1. Workaround: do not include protected archives in the feed. A...

5.3CVSS6.2AI score0.00281EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/28 4:32 p.m.1 views

CVE-2025-57757 Contao discloses information in the news module

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...

5.3CVSS6.2AI score0.00281EPSS
Exploits0References3
OSV
OSV
added 2025/08/28 4:32 p.m.6 views

CVE-2025-57757 Contao discloses information in the news module

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...

5.3CVSS6.5AI score0.00281EPSS
Exploits0References5
OSV
OSV
added 2025/08/28 4:31 p.m.6 views

CVE-2025-57756 Contao discloses sensitive information in the front end search index

Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...

5.3CVSS6.5AI score0.00266EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/28 4:31 p.m.12 views

CVE-2025-57756 Contao discloses sensitive information in the front end search index

Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...

5.3CVSS0.00266EPSS
Exploits0References3
OSV
OSV
added 2025/08/28 2:58 p.m.5 views

GHSA-QQFQ-7CPP-HCQJ Contao does not properly manage privileges for page and article fields

Impact Under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds None. For more information If you have any questions or comments about this advisory, open an issue in...

4.3CVSS6.9AI score0.00225EPSS
Exploits0References5
OSV
OSV
added 2025/08/28 2:58 p.m.2 views

GHSA-W53M-GXVG-VX7P Contao can disclose sensitive information in the news module

Impact If a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds Do not add protected news archives to the news feed page. For more information If you have any questions o...

5.3CVSS7AI score0.00281EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/28 2:58 p.m.7 views

Contao can disclose sensitive information in the news module

Impact If a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds Do not add protected news archives to the news feed page. For more information If you have any questions o...

5.3CVSS7AI score0.00281EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/08/28 2:57 p.m.9 views

Contao discloses sensitive information in the front end search index

Impact Protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. Patches Update to Contao 4.13.56, 5.3.38 or 5.6.1. Workarounds Disable the front end search. For more information If you have any questions or comments about this...

5.3CVSS7AI score0.00266EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/08/28 2:40 p.m.6 views

Contao applies improper access control in the back end voters

Impact The table access voter in the back end doesn't check if a user is allowed to access the corresponding module. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds Do not rely solely on the voter and additionally check USERCANACCESSMODULE. For more information If you have any questions or...

4.3CVSS6.9AI score0.00225EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2025/08/28 2:40 p.m.7 views

GHSA-7M47-R75R-CX8V Contao applies improper access control in the back end voters

Impact The table access voter in the back end doesn't check if a user is allowed to access the corresponding module. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds Do not rely solely on the voter and additionally check USERCANACCESSMODULE. For more information If you have any questions or...

4.3CVSS6.9AI score0.00225EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.5 views

Contao 访问控制错误漏洞

Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management and CSS frameworks. An access control error vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from the back-end...

4.3CVSS6.5AI score0.00225EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.6 views

PT-2025-35105

Name of the Vulnerable Software and Affected Versions: Contao versions 5.3.0 through 5.3.37 Contao versions 5.6.0 Description: Contao is an Open Source CMS. Back end users may be able to edit fields of pages and articles without the necessary permissions under certain conditions. Recommendations:...

4.3CVSS6.3AI score0.00225EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.16 views

Contao 安全漏洞

Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from an unfiltered protected...

5.3CVSS6.3AI score0.00281EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.6 views

PT-2025-35104

Name of the Vulnerable Software and Affected Versions: Contao versions 5.0.0 through 5.3.37 Contao versions 5.6.0 through 5.6.0 Description: The table access voter in the back end does not verify if a user has permission to access the corresponding module. As a workaround, do not solely rely on t...

4.3CVSS6.3AI score0.00225EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.14 views

Contao 安全漏洞

Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from the possibility of...

4.3CVSS6.5AI score0.00225EPSS
Exploits0References5
Rows per page
Query Builder