Lucene search
+L

5 matches found

OSV
OSV
added 2022/05/14 1:9 a.m.23 views

GHSA-HWMH-9JJ9-8C9C Contao CSRF Token Bypass

Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7...

8.8CVSS8.6AI score0.00499EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/14 1:9 a.m.20 views

Contao CSRF Token Bypass

Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7...

8.8CVSS6.8AI score0.00499EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2022/05/13 1:7 a.m.15 views

GHSA-J99G-QJVX-995G Contao Does Not Expire Tokens Correctly

Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7...

9.8CVSS9.4AI score0.01254EPSS
Exploits0References6
Contao
Contao
added 2019/04/09 12:0 a.m.20 views

Session invalidation upon password changes

Date : 2019-04-09 CVE ID : CVE-2019-10641 Description Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the back end or front end. Affected versions Contao 3. up to 3.5.38 Contao 4.0 Contao 4.1 Contao 4.2 Conta...

9.8CVSS9.3AI score0.01048EPSS
Exploits0Affected Software1
Contao
Contao
added 2019/04/09 12:0 a.m.47 views

Invalidating opt-in tokens

Date : 2019-04-09 CVEID : CVE-2019-10643 Description Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7. Affected versions Contao 4.7 up to 4.7.2 Suggested solution Update to Contao 4.7.3...

9.8CVSS9.4AI score0.01254EPSS
Exploits0Affected Software1
Rows per page
Query Builder