13 matches found
PT-2026-49077
Name of the Vulnerable Software and Affected Versions: WP Ticket versions prior to 6.0.5 Description: The WP Ticket plugin for WordPress allows unauthenticated attackers to extract sensitive information from the database. The issue occurs during unauthenticated front-end searches when the plugin...
EUVD-2025-26127
Malicious code in bioql PyPI...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to protected content elements rendered as fragments being indexed in the front-end search, which allows an attacker to access sensitive content publicly...
CVE-2025-57756
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...
CVE-2025-57756
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...
Incorrect Authorization
Overview: contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Incorrect Authorization in the fragments rendering process. An attacker can access sensitive...
CVE-2025-57756
Contao CMS vulnerability CVE-2025-57756: Protected content elements rendered as fragments are indexed by the front-end search, exposing content publicly. Affected versions range from 4.9.14 up to before 4.13.56, 5.3.38, and 5.6.1. The issue is fixed in 4.13.56, 5.3.38, and 5.6.1. Workaround: disa...
CVE-2025-57756 Contao discloses sensitive information in the front end search index
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...
CVE-2025-57756 Contao discloses sensitive information in the front end search index
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...
Contao discloses sensitive information in the front end search index
Impact: Protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. Patches: Update to Contao 4.13.56, 5.3.38 or 5.6.1. Workarounds: Disable the front end search. For more information: If you have any questions or comments about this...
PT-2025-35102
Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.56 Contao versions prior to 5.3.38 Contao versions prior to 5.6.1 Contao versions starting from 4.9.14 through 5.6.1 Description: Protected content elements rendered as fragments are indexed and become publicly...
Contao Security Vulnerability
Contao is an open source Content Management System (CMS) developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.13.56 and versions prior to 5.6.1, which stems from protected content...
wdja SQL Injection Vulnerability
Wdja is a PHP-based content management system from the WDJA team. v2.1 of WDJA is vulnerable to SQL injection, which stems from the front-end search function. An attacker can exploit the vulnerability for SQL injection...