516 matches found
CVE-2025-57758 Contao has improper access control in the back end voters
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying...
CVE-2025-57758 Contao has improper access control in the back end voters
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying...
CVE-2025-57758
Contao CMS vulnerability CVE-2025-57758 affects Contao Core (versions from 5.0.0 up to, but not including, 5.3.38 and 5.6.1). The back-end table access voter fails to verify whether a user is allowed to access the target module, enabling improper access control. Patches are implemented in Contao ...
CVE-2025-57757 Contao discloses information in the news module
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...
CVE-2025-57757
Contao CMS vulnerability CVE-2025-57757: In Contao versions prior to 5.3.38 and 5.6.1, protected news archives in the news feed are not filtered, causing confidential items to appear in the RSS feed. This is patched in 5.3.38 and 5.6.1. Workaround: do not include protected archives in the feed. A...
CVE-2025-57757 Contao discloses information in the news module
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...
CVE-2025-57757 Contao discloses information in the news module
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...
CVE-2025-57756 Contao discloses sensitive information in the front end search index
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...
CVE-2025-57756 Contao discloses sensitive information in the front end search index
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...
GHSA-QQFQ-7CPP-HCQJ Contao does not properly manage privileges for page and article fields
Impact Under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds None. For more information If you have any questions or comments about this advisory, open an issue in...
GHSA-W53M-GXVG-VX7P Contao can disclose sensitive information in the news module
Impact If a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds Do not add protected news archives to the news feed page. For more information If you have any questions o...
Contao can disclose sensitive information in the news module
Impact If a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds Do not add protected news archives to the news feed page. For more information If you have any questions o...
Contao discloses sensitive information in the front end search index
Impact Protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. Patches Update to Contao 4.13.56, 5.3.38 or 5.6.1. Workarounds Disable the front end search. For more information If you have any questions or comments about this...
Contao applies improper access control in the back end voters
Impact The table access voter in the back end doesn't check if a user is allowed to access the corresponding module. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds Do not rely solely on the voter and additionally check USERCANACCESSMODULE. For more information If you have any questions or...
GHSA-7M47-R75R-CX8V Contao applies improper access control in the back end voters
Impact The table access voter in the back end doesn't check if a user is allowed to access the corresponding module. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds Do not rely solely on the voter and additionally check USERCANACCESSMODULE. For more information If you have any questions or...
Contao 访问控制错误漏洞
Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management and CSS frameworks. An access control error vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from the back-end...
PT-2025-35105
Name of the Vulnerable Software and Affected Versions: Contao versions 5.3.0 through 5.3.37 Contao versions 5.6.0 Description: Contao is an Open Source CMS. Back end users may be able to edit fields of pages and articles without the necessary permissions under certain conditions. Recommendations:...
Contao 安全漏洞
Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from an unfiltered protected...
PT-2025-35104
Name of the Vulnerable Software and Affected Versions: Contao versions 5.0.0 through 5.3.37 Contao versions 5.6.0 through 5.6.0 Description: The table access voter in the back end does not verify if a user has permission to access the corresponding module. As a workaround, do not solely rely on t...
Contao 安全漏洞
Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from the possibility of...